[Tutorial] how small white hat with the public to achieve the Sky measured six months after the 00 bonus monthly income of over a million

Original Sky platform Sky platform today

But, as the letter of hope Cian

Of course, a cup of cold extraction continue their lives duck

Public measured review "outsider"

Carrying a child analyze gas inlet Bureau for the moment you master

2019 get a bonus of 7,8-digit chefs

Command execution vulnerabilities accounted for half of the bonuses

Below please "outsider" to chefs talk about you, chatter chatter

Which "command" vulnerabilities do you need to focus on to earn bonuses in crowdsourced testing?

WebLogic deserialization

WebLogic is a Java application server used to develop, integrate, deploy and manage large-scale distributed web applications, network applications and database applications. It is widely used in the financial sector (banking, securities, etc.), the government sector (tax, human resources and social security), the insurance industry and other industries. WebLogic deserialization vulnerabilities have appeared one after another; the following are several typical vulnerabilities from 2019:

(1) CVE-2019-2725:

A deserialization vulnerability caused by XMLDecoder; it is a bypass of the CVE-2017-10271 patch. For analysis, see the Qi An Xin CERT article: CVE-2019-2725 WebLogic deserialization remote code execution vulnerability analysis.

(2) CVE-2019-2729:

Also a deserialization vulnerability caused by XMLDecoder. After Oracle released a patch to fix CVE-2019-2725, security researchers found that features of particular JDK versions could be used to bypass the CVE-2019-2725 patch, resulting in a new vulnerability. For the vulnerability principle and analysis, see: Analysis of the whitelist patch for the CVE-2019-2729 WebLogic RCE vulnerability.

(3) CVE-2020-2551:

A deserialization vulnerability in WebLogic's IIOP protocol, which, apart from T3, is a protocol WebLogic enables by default. For vulnerability analysis and the principle behind the detection tool, see: CVE-2020-2551 IIOP protocol deserialization analysis.

FastJson deserialization

FastJson is an open-source JSON framework from Alibaba. It is used by many companies and is widely deployed across industries. In 2019 a remote code execution vulnerability was found in FastJson.

An attacker can achieve remote code execution by submitting carefully constructed JSON data. Analysis found that this exploitation technique works only on FastJson version 1.2.48 or lower. For vulnerability analysis, see: FastJson remote code execution vulnerability analysis.

Shiro deserialization

Apache Shiro is a powerful and easy-to-use Java security framework for authentication, authorization, cryptography and session management. In Shiro versions less than 1.2.4, the encryption key is hard-coded, which leads to a deserialization vulnerability. For vulnerability analysis, see: Apache Shiro Java deserialization vulnerability analysis.

Apache Axis (version <= 1.4) RCE

Apache Axis1 is an open-source framework for building XML-based Web services. It includes SOAP server implementations in Java and C++, as well as a variety of utilities and APIs for building and deploying Web service applications. By default, AdminService allows only local access. When it is misconfigured and exposed externally, this interface can be used to create a web service that calls the public methods of classes available on the CLASSPATH, and from there execute commands, read and write files, and so on. The exploitation process first uses AdminService to create a web service that calls freemarker.template.utility.Execute, and then calls the exec method of freemarker.template.utility.Execute to execute arbitrary commands.
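To check a deployment for the misconfiguration described above, the following added example (not code from the original article or from the Axis project) audits an Axis 1.x WSDD configuration for an externally reachable AdminService and for any service bound to freemarker.template.utility.Execute. It assumes the standard Axis 1.x `server-config.wsdd` layout and its `enableRemoteAdmin` parameter, neither of which is named in the article; the sample config and the service name `ExampleSvc` are constructed.

```python
import xml.etree.ElementTree as ET

WSDD_NS = "{http://xml.apache.org/axis/wsdd/}"
# Class named in the article as the one used to run commands.
DANGEROUS_CLASSES = {"freemarker.template.utility.Execute"}

# Constructed sample config for illustration, not taken from a real server.
SAMPLE_WSDD = """<deployment xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <service name="AdminService" provider="java:MSG">
    <parameter name="enableRemoteAdmin" value="true"/>
    <parameter name="className" value="org.apache.axis.utils.Admin"/>
  </service>
  <service name="Version" provider="java:RPC">
    <parameter name="className" value="org.apache.axis.Version"/>
  </service>
  <service name="ExampleSvc" provider="java:RPC">
    <parameter name="className" value="freemarker.template.utility.Execute"/>
    <parameter name="allowedMethods" value="*"/>
  </service>
</deployment>"""


def audit_wsdd(xml_text):
    """Return a sorted list of (service_name, finding) tuples for a WSDD document."""
    findings = []
    root = ET.fromstring(xml_text)
    for svc in root.iter(WSDD_NS + "service"):
        name = svc.get("name", "<unnamed>")
        params = {p.get("name"): (p.get("value") or "").strip()
                  for p in svc.findall(WSDD_NS + "parameter")}
        # A missing enableRemoteAdmin parameter is treated as "false" (local only).
        remote = params.get("enableRemoteAdmin", "false").lower() == "true"
        if name == "AdminService" and remote:
            findings.append((name, "AdminService reachable from non-local hosts"))
        cls = params.get("className", "")
        if cls in DANGEROUS_CLASSES:
            # A service bound to this class may indicate earlier abuse of AdminService.
            findings.append((name, "service exposes " + cls))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_wsdd(SAMPLE_WSDD):
        print(f"[!] {name}: {finding}")
```

A finding for a service bound to freemarker.template.utility.Execute on a production host warrants incident response, not just a configuration fix.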


Origin blog.csdn.net/weixin_45728976/article/details/105207723