Invia #621105: Antabot White-Jotter v0.22 deserialization attackinformazioni

TitoloAntabot White-Jotter v0.22 deserialization attack
DescrizioneThe Shiro key is hardcoded in the com.gm.wj.config.ShiroConfiguration class, which leads to a Shiro deserialization vulnerability. The string EVANNIGHTLY_WAOU, when Base64-encoded, becomes RVZBTk5JR0hUTFlfV0FPVQ==, and can be used in conjunction with the CB (CommonsBeanutils) gadget chain to perform deserialization attacks, resulting in Remote Code Execution (RCE).
Fonte⚠️ https://github.com/Antabot/White-Jotter/issues/161
Utente
 ez-lbz (UID 87033)
Sottomissione23/07/2025 02:21 (11 mesi fa)
Moderazione07/08/2025 16:17 (16 days later)
StatoAccettato
Voce VulDB319138 [Antabot White-Jotter 0.22 com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager escalationi di privilegi]
Punti19

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!