Apache shiro 1.2.4 version of remote command execution vulnerability details-vulnerability warning-the black bar safety net

ID MYHACK58:62201782985
Type myhack58
Reporter zhujunboabc
Modified 2017-01-18T00:00:00


Search, I found online about apache shiro 1.2.4 version of the vulnerability consolidation report to write too simple, is perhaps the bigwigs speaking of professional, I this noob can't read the reason, specially in the local do a full show. First from the shiro official get shiro 1.2.4 of the source package, the address: https://github.com/apache/shiro/releases/tag/shiro-root-1.2.4 on the inside choose 1. 2. 4 version of the shiro source code to download. After the download is complete, unzip the file: ! Because it is open source project, you need to configure a maven environment, the specific environment configuration can Baidu view. The decompression is completed, enter the directory shiro-shiro-root-1.2.4\samples\web, because it is the maven build of the open source project, we need to first project the conversion into a war package to deploy. ! Here we need to install maven, go to the maven official website, download the maven, configuring maven environment variables, execute the mvn-v, as shown below, indicating that you installed maven and configured the environment. ! Next, the shiro example be converted into an eclipse project, cmd into the shiro-shiro-root-1.2.4\samples\web directory, execute: mvn eclipse:eclipse ! Next is the long wait Internet speed is slow, and wait until all jars are complete a download after successful compiling into one eclipse project ! Project path has been generated eclipse project, as shown: ! Import the project into eclipse, the error message prompt: ! This is the case, through the Baidu search to solve the method: 1, Right-click on your project, select Maven -> Disable Maven Nature. 2, Open you terminal, go to your project folder and do “mvn eclipse:clean” 3, Right click on your Project and select “Configure -> Convert into Maven Project” After the above step after the construction of the normal compile, no error ! Next, we need to export a war package to put to our tomcat directory, to start this demo. 1, to determine the pom. the xml configuration for war. ! 2, The 右 键 pom.xml and run as maven install ! Run after successful compile ! In the project directory, you can find war package has been successfully compiled: ! Modify the war the name of the package to shiro. war, in order to facilitate engineering access, deploy to tomcat, placing it to the tomcat webapps directory, start tomcat can be ! A successful start, and access http://localhost:8080/shiro/ ! web Access: Here, we demo only the success of the deployment is completed. Next you need to generate the payload, by looking at the apache official description: (1)The rememberMe cookie (2)CookieRememberMeManager.java (3)Base64 (4)AES (5)the encryption key is hard-coded (6)Java serialization Generate a payload of the way, is the need for this several parts, here I attached my code for your reference: import java. io. ByteArrayOutputStream; import java. io. FileOutputStream; import java. io. FileWriter; import java. io. IOException; import java. io. ObjectOutputStream; import java. security. Key; import javax. crypto. Cipher; import javax. crypto. spec. IvParameterSpec;

[1] [2] [3] [4] [5] next