POC details: eb66d1095ff5f660b0b6ce0d6e41942982c8b504

Source
Related vulnerability
Title: Adobe ColdFusion security vulnerability (CVE-2017-3066)
Description: Adobe ColdFusion is a dynamic web server product from the US company Adobe; the CFML (ColdFusion Markup Language) it runs is a programming language for web applications. A Java deserialization vulnerability exists in Adobe ColdFusion. An attacker can exploit it to execute arbitrary code in the context of the affected application or to cause a denial of service. The following versions are affected: Adobe ColdFusion (2016 release) Update 3 and earlier, ColdFusion 11 Update 11 and earlier, Col
Description
The study of vulnerability CVE-2017-3066. Java deserialization
Introduction
# CVE-2017-3066
## Description
Adobe ColdFusion uses the Action Message Format (AMF). AMF is a custom binary serialization protocol with two formats, AMF0 and AMF3. An action message consists of headers and bodies. There are several implementations of AMF in different languages; for Java there is Adobe BlazeDS (now Apache BlazeDS), which is also used in Adobe ColdFusion.
Adobe ColdFusion is affected by a Java deserialization flaw in its Apache BlazeDS library when it handles untrusted Java objects, which gives a remote attacker the ability to execute code on the server (a remote code execution vulnerability).
## Vulnerable Version
![alt text](screen/vuln_version.PNG "Vulnerable Version")

## Update Version
![alt text](screen/update_version.PNG "Update Version")
## Comparison of vulnerable and updated version
The comparison was done with WinMerge.
Updated files:
![alt text](screen/Update_flex.PNG "Update file")

The flex-messaging-core.jar library contains the class flex.messaging.validators.ClassDeserializationValidator, which performs the validation. It was therefore decompiled separately with Java Decompiler and compared once more in WinMerge.

![alt text](screen/add_check.PNG "Add Check")

## Install
Installation and exploitation (vulhub): <https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2017-3066>

## Suricata
The file `test.rules` contains a rule for the Suricata utility. The rule detects attempts to exploit this vulnerability in network traffic.
The rule is enabled in `/etc/suricata/suricata.yaml`:
```
    default-rule-path: /etc/suricata 
    rule-files: 
     - test.rules
```
Run (the interface flag is lowercase `-i`; replace `ens33` with the interface to monitor):
```
suricata -c /etc/suricata/suricata.yaml -i ens33
```
```
Alerts are written to `/var/log/suricata/fast.log`.

Signature: `79 73 6F 73 65 72 69 61` = ysoserial (the leading ASCII bytes of the string "ysoserial", which the rule matches on)
File snapshot

```
[4.0K] /data/pocs/eb66d1095ff5f660b0b6ce0d6e41942982c8b504
├── [1.7K] README.md
├── [4.0K] screen
│   ├── [114K] add_check.PNG
│   ├── [ 71K] Update_flex.PNG
│   ├── [ 27K] update_version.PNG
│   └── [ 45K] vuln_version.PNG
└── [ 149] test.rules

1 directory, 6 files
```