forked from DawnFlame/POChouse
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
wintrysec
committed
May 31, 2021
1 parent
e790ec7
commit 1a9b5fd
Showing
6 changed files
with
34 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| ## 漏洞概述 | ||
|
|
||
| JBoss 的 HttpInvoker 组件中的 ReadOnlyAccessFilter 过滤器中。该过滤器在没有进行任何安全检查的情况下尝试将来自客户端的数据流进行反序列化,从而导致了漏洞。 | ||
|
|
||
| ## 影响范围 | ||
|
|
||
| ```http | ||
| JBoss AS 5.X | ||
| JBoss AS 6.X | ||
| ``` | ||
|
|
||
| ## EXP | ||
|
|
||
| 图形化利用工具 jboss_CVE-2017-12149.jar [@YunXu](https://github.com/yunxu1) | ||
|
|
||
|  | ||
|
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| ## 应用简介 | ||
|
|
||
|  | ||
|
|
||
| 是一个基于J2EE的开放源代码的应用服务器。 | ||
|
|
||
| ## 相关资产 | ||
|
|
||
| FOFA | ||
|
|
||
| ```http | ||
| app="RedHat-JBoss" | ||
| ``` | ||
|
|
||
| ## 环境搭建 | ||
|
|
||
| Docker |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.