In Apache Shiro 1.2.4 and previous versions, the encrypted user information is serialized and stored in a Cookie named remember-me. Attackers can use Shiro’s default key to forge user cookies, triggering a Java deserialization vulnerability, and then execute arbitrary commands on the target machine.
Affected scope
Apache Shiro version <= 1.2.4
Vulnerability reproduction
1. In Vulhub, enter the vulnerability directory and bring up the environment.
2. Visit http://ip:8080; the login interface is displayed.
3. Enter any account name and password with "remember me" checked, capture the request, and inspect the returned Set-Cookie field: a rememberMe=deleteMe field is present.
4. Select dnslog.cn for vulnerability detection.
5. The key and gadget were retrieved. But after executing the command, I found that I could not see the echo.
6. Alternatively, if you choose to use echo for vulnerability detection, you can provide a static resource URL that the program will use as a write directory.
Repair suggestions
Update the Shiro version.
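As an added, defender-side example (not code from the original post, from Vulhub or from the Shiro project), the Python below covers two things the walkthrough above touches on. First, it scans access-log lines for rememberMe cookies that are oversized or not valid base64, and for responses that reset the cookie to deleteMe after a request that carried a rememberMe value (that reset is Shiro discarding a value it could not process), which is what the "rememberMe=deleteMe" observation in step 3 looks like from the server side. Second, it emits a shiro.ini line with a fresh random 128-bit cipher key so the default key is no longer in use alongside the version update. The log layout and the sample lines are constructed, the size threshold is a heuristic, and the ini property name (securityManager.rememberMeManager.cipherKey, after Shiro's AbstractRememberMeManager.setCipherKey) is an assumption to verify against the version you deploy.

```python
"""Defender-side helpers for the Shiro rememberMe deserialization issue.

Added example, not from the original page. Assumptions:
 - the log layout below is constructed, not a real Tomcat/Shiro format;
 - the size threshold is a heuristic, tune it for your deployment;
 - the shiro.ini property name must be checked against your Shiro version.
"""
import base64
import binascii
import re
import secrets

# Heuristic: a genuine Shiro rememberMe cookie carries a small serialized
# PrincipalCollection (a few hundred bytes); serialized gadget chains are
# usually several kilobytes. Threshold assumed, tune for your application.
MAX_LEGIT_REMEMBERME_BYTES = 1024

# Assumed (constructed) log layout:
# <ip> <method> <path> req_cookie="<Cookie header>" status=<n> set_cookie="<Set-Cookie header>"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) req_cookie="(?P<req>[^"]*)" '
    r'status=(?P<status>\d+) set_cookie="(?P<set>[^"]*)"$'
)


def _line(ip, method, path, req_cookie, status, set_cookie):
    """Build one constructed log line in the assumed layout."""
    return (f'{ip} {method} {path} req_cookie="{req_cookie}" '
            f'status={status} set_cookie="{set_cookie}"')


# Constructed sample traffic (NOT captured from a real system).
LEGIT = base64.b64encode(b"\x00" * 300).decode()       # plausible legitimate size
OVERSIZED = base64.b64encode(b"\x00" * 4000).decode()  # gadget-chain sized blob
SAMPLE_LOG = [
    _line("10.0.0.5", "GET", "/account", f"JSESSIONID=s1; rememberMe={LEGIT}", 200, ""),
    _line("10.0.0.9", "GET", "/", f"rememberMe={OVERSIZED}", 200,
          "rememberMe=deleteMe; Path=/; Max-Age=0"),
    _line("10.0.0.9", "GET", "/", "rememberMe=not_base64!!", 200,
          "rememberMe=deleteMe; Path=/; Max-Age=0"),
    _line("10.0.0.7", "POST", "/login", "JSESSIONID=s2", 302, f"rememberMe={LEGIT}; Path=/"),
]


def cookie_value(header, name):
    """Return the value of cookie `name` from a Cookie/Set-Cookie header, or None."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def analyse_line(line):
    """Parse one log line and return {ip, path, findings}; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    req_val = cookie_value(m["req"], "rememberMe")
    set_val = cookie_value(m["set"], "rememberMe")
    findings = []
    if req_val is not None:
        try:
            raw = base64.b64decode(req_val, validate=True)
        except (binascii.Error, ValueError):
            findings.append("rememberMe is not valid base64")
        else:
            if len(raw) > MAX_LEGIT_REMEMBERME_BYTES:
                findings.append(f"rememberMe payload {len(raw)} bytes exceeds "
                                f"{MAX_LEGIT_REMEMBERME_BYTES}")
        # The server clearing the cookie right after receiving one means Shiro
        # could not decrypt/deserialize the supplied value.
        if set_val == "deleteMe":
            findings.append("server rejected the supplied rememberMe (deleteMe reset)")
    return {"ip": m["ip"], "path": m["path"], "findings": findings}


def scan(lines):
    """Return only the records that produced at least one finding."""
    results = []
    for line in lines:
        rec = analyse_line(line)
        if rec and rec["findings"]:
            results.append(rec)
    return results


def new_cipher_key():
    """Fresh random 128-bit key for AES, the cipher Shiro uses for rememberMe."""
    return secrets.token_bytes(16)


def cipher_key_ini_line(key):
    """shiro.ini line that replaces the default key (property name assumed, verify it)."""
    return f"securityManager.rememberMeManager.cipherKey = {base64.b64encode(key).decode()}"


if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["ip"], rec["path"], "; ".join(rec["findings"]))
    print(cipher_key_ini_line(new_cipher_key()))
```

Run it as-is to see the two constructed suspicious lines flagged and a fresh key line printed; the first sample line (a normal-sized cookie on an authenticated request) and the last (a login that sets a new cookie) produce no findings. Keep the generated key out of source control and rotate it if it is ever exposed, since whoever holds it can mint cookies exactly as the default key allows.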