CVE-2018-16621 PoC — Sonatype Nexus Repository Manager 代码注入漏洞

Source

https://github.com/Loucy1231/Nexus-Repository-Manager3-EL-CVE-2018-16621-https-www.cve.org-CVERecord-id-CVE-2018-16621-

Associated Vulnerability

Title:Sonatype Nexus Repository Manager 代码注入漏洞 (CVE-2018-16621)
Description:Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

Readme

### 本脚本针对Nexus Repository Manager3 EL注入（[CVE-2018-16621](https://www.cve.org/CVERecord?id=CVE-2018-16621)）漏洞，一键执行漏洞利用反弹shell

#### 运行示例：

<img src="pic/nexus运行自动化脚本.png" alt="nexus运行自动化脚本" style="zoom:25%;" />

在攻击机本地运行脚本，根据提示输入靶机ip、端口、本机监听ip、端口，之后即可一键执行漏洞利用代码，GET反弹Shell。

File Snapshot


 [4.0K]  /data/pocs/f71b0b93f291e237905fde37b93fcd40bc03983a
├── [4.6K]  nexus_poc.py
├── [4.0K]  pic
│   └── [ 69K]  nexus运行自动化脚本.png
└── [ 452]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →