Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-4450 PoC — jeecgboot JimuReport Template injection

Source
https://github.com/ilikeoyt/CVE-2023-4450-Attack
Associated Vulnerability
Title:jeecgboot JimuReport Template injection (CVE-2023-4450)
Description:A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571.
Readme
# CVE-2023-4450-Attack

用于攻击JimuReport的CVE-2023-4450漏洞的自动化工具

## 简介

本工具只可用于安全测试,勿用于非法用途!

## Usage

```
java -jar CVE-2023-4450-Attack.jar
```

提供了三个功能:命令执行、CMD/冰蝎内存马

![image-20240207120218188](/readme.assets/image-20240207120218188.png)

注入冰蝎内存马后进行如下配置:

![image-20240207141106998](/readme.assets/image-20240207141106998.png)

## SomeTestResult

![image-20240207120406410](/readme.assets/image-20240207120406410.png)

![image-20240207120426858](/readme.assets/image-20240207120426858.png)

![image-20240207141502101](/readme.assets/image-20240207141502101.png)

## 结语

第一次做武器化工具,希望此工具能在您渗透测试时提供帮助,如有建议,欢迎提交issue!

同时致谢:Nivia、baicany两位师傅!!
File Snapshot

 [4.0K]  /data/pocs/bf9a4e62e2000fde58863afb82fc94bb0085f6c6
├── [ 20M]  CVE-2023-4450-Attack.jar
├── [9.1K]  GUI.iml
├── [2.2K]  pom.xml
├── [4.0K]  readme.assets
│   ├── [ 20K]  image-20240207120218188.png
│   ├── [ 19K]  image-20240207120406410.png
│   ├── [ 20K]  image-20240207120426858.png
│   ├── [ 29K]  image-20240207141106998.png
│   └── [ 66K]  image-20240207141502101.png
├── [ 883]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   ├── [3.9K]  AntSwordShell.java
        │   ├── [4.2K]  BehinderShell.java
        │   ├── [4.0K]  Command_execution
        │   │   └── [1.6K]  Exp.java
        │   ├── [1.4K]  GetBytes.java
        │   ├── [3.9K]  InceptorMemShell.java
        │   └── [6.2K]  View.java
        └── [4.0K]  resources
            ├── [  39]  MANIFEST.MF
            └── [4.0K]  META-INF
                └── [  40]  MANIFEST.MF

7 directories, 17 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →