CVE-2019-17570 PoC — Apache XML-RPC 代码问题漏洞

Source

https://github.com/r00t4dm/CVE-2019-17570

Associated Vulnerability

Title:Apache XML-RPC 代码问题漏洞 (CVE-2019-17570)
Description:An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Description

xmlrpc common deserialization vulnerability

Readme

# CVE-2019-17570

本项目是 CVE-2019-17570的概念验证项目（POC）

File Snapshot


 [4.0K]  /data/pocs/86f78e462d1b1a88e6aed02603f3556ad66aed27
├── [  80]  apacheXmlRpc.iml
├── [1.3K]  pom.xml
├── [  75]  README.md
├── [4.0K]  src
│   └── [4.0K]  main
│       └── [4.0K]  java
│           ├── [1.1K]  App.java
│           ├── [4.0K]  org
│           │   └── [4.0K]  apache
│           │       └── [4.0K]  xmlrpc
│           │           ├── [4.0K]  serializer
│           │           │   └── [5.4K]  XmlRpcWriter.java
│           │           ├── [4.0K]  server
│           │           │   ├── [6.8K]  AbstractReflectiveHandlerMapping.java
│           │           │   ├── [1.1K]  Poc.java
│           │           │   └── [ 586]  XmlRpcNoSuchHandlerException.java
│           │           └── [1.5K]  XmlRpcException.java
│           └── [1.8K]  responseTest.java
└── [4.0K]  target
    └── [4.0K]  classes
        ├── [1.5K]  App.class
        ├── [ 623]  evilCalc.class
        ├── [2.5K]  responseTest.class
        └── [1.2K]  User.class

10 directories, 14 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!