This repository has been archived by the owner on Jul 25, 2024. It is now read-only.

NettyMemshell 注入成功时漏洞缺报 #36

Open

c0r1 opened this issue Oct 15, 2022 · 0 comments

c0r1 commented Oct 15, 2022

漏洞利用状态检查使用的方法错误，这里的 header 实际添加到了 Request Body 中，导致 NettyMemshell 注入成功时检测利用状态失败，导致漏洞缺报

SpringBootExploit/src/main/java/com/drops/exp/SpringCloudGatewayRCEEXP.java

Line 44 in d38a773

    
           String re6 = HTTPUtils.postRequestV1(target, "?cmd=echo "+ endpoint, header).toString();

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.