Apache UNO API Remote Code Execution
PoC script to show the ability to execute code remotely using the Apache UNO API.
The RCE is present in Windows and Linux distributions that are running the StarOffice manager.
You will need to install the PyNO library on the machine that you want to execute the script on, this can be done by issueing the following command:
sudo apt-get install python3-unoThe target machine needs to run the StarOffice manager for the RCE to be present. The presence of the StarOffice manager that is externally reachable can be tested by looking at the banner:
e'com.sun.star.bridge.XProtocolPropertiesUrpProtocolProperties.UrpProtocolPropertiesTid'The script accepts the following parameters:
- --host the host to connect to
- --port the port that the StarOffice manager instance is running on
uno-rce.py --host 10.10.10.101 --port 2083