vulhub/java/rmi-codebase/README.zh-cn.md
Aaron 63285f61aa
first commit
2025-09-06 16:08:15 +08:00

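# Java RMI Codebase Remote Code Execution Vulnerability

Java Remote Method Invocation (RMI) is Java's mechanism for remote procedure calls. Under certain conditions, an RMI client can specify the `java.rmi.server.codebase` parameter to make the server load a remote object, thereby executing arbitrary Java bytecode.

References:
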
- <https://docs.oracle.com/javase/7/docs/technotes/guides/rmi/codebase.html>
- <https://paper.seebug.org/1091/>
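
The README does not list the "certain conditions"; as an added example (not part of the Vulhub repository), the following audit script flags JVM command lines that allow RMI to load classes from a peer-supplied codebase. It assumes the two commonly documented preconditions, `java.rmi.server.useCodebaseOnly=false` and an installed SecurityManager, and a JDK where `useCodebaseOnly` defaults to `true` (7u21 and later); the function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Vulhub code): flag JVM command lines that permit
# RMI class loading from a peer-supplied codebase.
# Assumption: JDK 7u21+ where java.rmi.server.useCodebaseOnly defaults to
# true, so only an explicit "false" re-enables remote class loading.

# Print "exposed", "review" or "ok" for one JVM command line.
classify_jvm_cmdline() {
    ucb=true      # effective useCodebaseOnly value (assumed default)
    secmgr=no     # SecurityManager requested on the command line?
    set -f        # no glob expansion while word-splitting the arguments
    for tok in $1; do
        case "$tok" in
            -Djava.rmi.server.useCodebaseOnly=*)
                ucb=$(printf '%s' "${tok#*=}" | tr '[:upper:]' '[:lower:]') ;;
            -Djava.security.manager=allow|-Djava.security.manager=disallow)
                ;;  # JDK 12+ values: no manager is installed at startup
            -Djava.security.manager|-Djava.security.manager=*)
                secmgr=yes ;;
        esac
    done
    set +f
    if [ "$ucb" != false ]; then
        echo ok
    elif [ "$secmgr" = yes ]; then
        echo exposed   # remote codebase honoured and classes may be downloaded
    else
        echo review    # a SecurityManager may still be installed in code
    fi
}

# Read "PID ARGS..." lines (e.g. from `ps -eo pid=,args=`) and report each JVM.
audit_jvms() {
    while read -r pid args; do
        case "$args" in
            *java*) printf '%s %s\n' "$pid" "$(classify_jvm_cmdline "$args")" ;;
        esac
    done
}

# Constructed sample process list; on a host use: ps -eo pid=,args= | audit_jvms
audit_jvms <<'EOF'
4101 java -Djava.rmi.server.useCodebaseOnly=false -Djava.security.manager -Djava.security.policy=app.policy -jar server.jar
4102 java -Djava.rmi.server.useCodebaseOnly=FALSE -jar legacy.jar
4103 java -Xmx512m -jar api.jar
4104 nginx: worker process
EOF
```

A `review` result means the command line alone cannot rule out exposure, because a SecurityManager can also be installed programmatically.
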

## Environment Setup

Run the following commands to build and start the RMI Registry and server:

```
docker compose build
docker compose run -e RMIIP=your-ip -p 1099:1099 -p 64000:64000 rmi
```
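
Replace `your-ip` with your server's IP address; clients will use this IP to connect to the server.

Once the environment is up, the RMI Registry listens on port 1099.

## Vulnerability Reproduction

To be completed.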