漏洞描述
FH Admin是一款java快速开发平台,适用于快速搭建平台,该平台存在Shiro反序列化漏洞,该平台使用的为默认密钥,攻击者可通过该漏洞执行任意命令。
FH Admin Shiro反序列化漏洞
PoC代码
暂无相关漏洞推荐
- hue-default-credential: Cloudera Hue Default Admin Login
- shiro-key-detect: Shiro Key Detection
- POC CVE-2005-3344: Horde Groupware Unauthenticated Admin Access
- POC CVE-2007-5728: phpPgAdmin <=4.1.1 - Cross-Site Scripting
- POC CVE-2008-5587: phpPgAdmin <=4.2.1 - Local File Inclusion
- POC CVE-2009-1151: PhpMyAdmin Scripts - Remote Code Execution
- POC CVE-2011-4926: Adminimize 1.7.22 - Cross-Site Scripting
- POC CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass
- POC CVE-2015-2863: Kaseya Virtual System Administrator - Open Redirect
- POC CVE-2015-4127: WordPress Church Admin <0.810 - Cross-Site Scripting
- POC CVE-2016-1000126: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC CVE-2016-1000138: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC CVE-2016-4437: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability