
Commit

Initial commit
lz2y committed Jul 27, 2021
0 parents commit e236cd3
Showing 23 changed files with 1,162 additions and 0 deletions.
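--- a/DubboPOC.iml
+++ b/DubboPOC.iml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4" />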
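--- a/README.md
+++ b/README.md
@@ -0,0 +1,17 @@
+# DubboPOC
+Apache Dubbo 漏洞POC
+
+* 持续更新中
+- [ ] CVE-2019-17564
+- [ ] CVE-2020-1948
+- [x] CVE-2020-1948绕过
+- [ ] CVE-2021-25641
+- [x] CVE-2021-30179
+- [ ] others
+* 免责声明
+* 项目仅供学习使用,任何未授权检测造成的直接或者间接的后果及损失,均由使用者本人负责
+
+* 参考链接
+
+* [GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo](https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/)
+* [dubbo源码浅析:默认反序列化利用之hessian2](https://www.anquanke.com/post/id/197658)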
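--- a/pom.xml
+++ b/pom.xml
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>org.example</groupId>
+<artifactId>DubboPOC</artifactId>
+<version>1.0-SNAPSHOT</version>
+
+<properties>
+<source.level>1.8</source.level>
+<target.level>1.8</target.level>
+<dubbo.version>2.7.9</dubbo.version>
+<spring.version>4.3.16.RELEASE</spring.version>
+<junit.version>4.12</junit.version>
+</properties>
+
+<dependencyManagement>
+<dependencies>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-framework-bom</artifactId>
+<version>${spring.version}</version>
+<type>pom</type>
+<scope>import</scope>
+</dependency>
+<dependency>
+<groupId>org.apache.dubbo</groupId>
+<artifactId>dubbo-bom</artifactId>
+<version>${dubbo.version}</version>
+<type>pom</type>
+<scope>import</scope>
+</dependency>
+<dependency>
+<groupId>org.apache.dubbo</groupId>
+<artifactId>dubbo-dependencies-zookeeper</artifactId>
+<version>${dubbo.version}</version>
+<type>pom</type>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-databind</artifactId>
+<version>2.9.10.8</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-core</artifactId>
+<version>2.9.10</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-annotations</artifactId>
+<version>2.9.10</version>
+</dependency>
+<dependency>
+<groupId>com.sun.rowset</groupId>
+<artifactId>rowset</artifactId>
+</dependency>
+</dependencies>
+</dependencyManagement>
+
+<dependencies>
+<dependency>
+<groupId>org.apache.dubbo</groupId>
+<artifactId>dubbo</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.apache.dubbo</groupId>
+<artifactId>dubbo-dependencies-zookeeper</artifactId>
+<type>pom</type>
+</dependency>
+
+<dependency>
+<groupId>javax.servlet</groupId>
+<artifactId>javax.servlet-api</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-core</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-server</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-servlet</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-web</artifactId>
+</dependency>
+
+
+<dependency>
+<groupId>com.github.briandilley.jsonrpc4j</groupId>
+<artifactId>jsonrpc4j</artifactId>
+<version>1.2.0</version>
+</dependency>
+
+<dependency>
+<groupId>junit</groupId>
+<artifactId>junit</artifactId>
+<version>${junit.version}</version>
+<scope>test</scope>
+</dependency>
+
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-test</artifactId>
+<scope>test</scope>
+</dependency>
+
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-databind</artifactId>
+</dependency>
+
+<dependency>
+<groupId>com.rometools</groupId>
+<artifactId>rome</artifactId>
+<version>1.7.0</version>
+</dependency>
+
+<dependency>
+<groupId>com.nqzero</groupId>
+<artifactId>permit-reflect</artifactId>
+<version>0.3</version>
+</dependency>
+
+<dependency>
+<groupId>org.apache.xbean</groupId>
+<artifactId>xbean-reflect</artifactId>
+<version>4.15</version>
+</dependency>
+
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-collections4</artifactId>
+<version>4.0</version>
+</dependency>
+
+</dependencies>
+
+
+<profiles>
+<!-- For jdk 11 above JavaEE annotation -->
+<profile>
+<id>javax.annotation</id>
+<activation>
+<jdk>[1.11,)</jdk>
+</activation>
+<dependencies>
+<dependency>
+<groupId>javax.annotation</groupId>
+<artifactId>javax.annotation-api</artifactId>
+<version>1.3.2</version>
+</dependency>
+</dependencies>
+</profile>
+</profiles>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<version>3.7.0</version>
+<configuration>
+<source>7</source>
+<target>7</target>
+</configuration>
+</plugin>
+</plugins>
+</build>
+
+</project>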
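Review bot: The `com.sun.rowset:rowset` entry inside `<dependencyManagement>` has no `<version>`, which Maven normally rejects during model validation for a managed dependency; nothing in this pom depends on the artifact, so either add the version or drop the entry. The compiler plugin also hard-codes `<source>7</source>` and `<target>7</target>` while the unused `source.level`/`target.level` properties say 1.8; `<source>${source.level}</source>` and `<target>${target.level}</target>` would make the two agree. The library versions here look deliberately old to match the CVEs listed in the README, so a comment above `<properties>` such as `<!-- versions pinned for vulnerability reproduction in an isolated lab; do not reuse this pom for a service -->` would stop it being copied as a template and explain the dependency-scanner findings it will produce.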
Binary file added src/main/java/top/lz2y/1.ser
Binary file not shown.
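--- a/src/main/java/top/lz2y/blacklist.txt
+++ b/src/main/java/top/lz2y/blacklist.txt
@@ -0,0 +1,149 @@
+0 = "org.apache.commons.beanutils"
+1 = "org.logicalcobwebs."
+2 = "org.codehaus.groovy.runtime"
+3 = "com.mysql.cj.jdbc.mysqlxadatasource"
+4 = "com.alibaba.druid.stat.jdbcdatasourcestat"
+5 = "com.sun."
+6 = "org.objectweb.asm."
+7 = "org.apache.commons.proxy."
+8 = "clojure.core$constantly"
+9 = "java.io.closeable"
+10 = "org.apache.commons.logging."
+11 = "java.util.collection"
+12 = "org.jdom."
+13 = "java.net.socket"
+14 = "org.apache.cxf.jaxrs.provider."
+15 = "org.apache.activemq.activemqconnectionfactory"
+16 = "java.lang.readable"
+17 = "javax.tools."
+18 = "org.apache.myfaces.context.servlet"
+19 = "org.apache.shiro.realm."
+20 = "net.bytebuddy.dynamic.loading.bytearrayclassloader"
+21 = "javax.sound."
+22 = "com.mchange"
+23 = "java.net.inetaddress"
+24 = "org.apache.tomcat"
+25 = "org.apache.openjpa.ee."
+26 = "net.sf.ehcache.hibernate."
+27 = "java.util.prefs."
+28 = "jodd.db.connection."
+29 = "java.lang.autocloseable"
+30 = "javax.xml"
+31 = "javax.activation."
+32 = "org.apache.http.cookie."
+33 = "org.apache.ibatis.datasource"
+34 = "javax.script."
+35 = "org.apache.log4j."
+36 = "org.eclipse.jetty."
+37 = "net.sf.cglib."
+38 = "org.javasimon."
+39 = "com.rometools.rome.feed.impl.equalsbean"
+40 = "org.apache.carbondata.core.scan.expression.expressionresult"
+41 = "com.taobao.eagleeye.wrapper"
+42 = "org.yaml.snakeyaml.tokens.directivetoken"
+43 = "com.ibatis."
+44 = "aj.org.objectweb.asm."
+45 = "flex.messaging.util.concurrent."
+46 = "org.springframework."
+47 = "javax.net."
+48 = "org.quartz."
+49 = "org.apache.commons.collections.comparators."
+50 = "org.jboss"
+51 = "org.apache.wicket.util"
+52 = "org.apache.ibatis.executor."
+53 = "org.apache.ibatis.parsing."
+54 = "org.apache.catalina."
+55 = "net.sf.ehcache.transaction.manager."
+56 = "org.mortbay.jetty."
+57 = "org.python.core"
+58 = "org.apache.ibatis.scripting."
+59 = "java.lang.runnable"
+60 = "java.beans.expression"
+61 = "org.h2.server."
+62 = "org.apache.activemq.pool."
+63 = "org.apache.shiro.jndi."
+64 = "java.lang.object"
+65 = "com.rometools.rome.feed.impl.tostringbean"
+66 = "javax.imageio.imageio$containsfilter"
+67 = "org.apache.aries.transaction."
+68 = "com.alibaba.fastjson.annotation"
+69 = "java.rmi"
+70 = "ch.qos.logback."
+71 = "com.mysql.cj.log."
+72 = "org.apache.activemq.activemqxaconnectionfactory"
+73 = "com.mysql.cj.jdbc.admin."
+74 = "org.apache.http.impl."
+75 = "junit."
+76 = "org.apache.cocoon."
+77 = "java.util.eventlistener"
+78 = "org.hibernate"
+79 = "org.apache.axis2.jaxws.spi.handler."
+80 = "org.apache.commons.dbcp"
+81 = "java.lang.iterable"
+82 = "com.alibaba.druid.pool.druiddatasource"
+83 = "org.apache.hadoop.shaded.com.zaxxer.hikari."
+84 = "br.com.anteros."
+85 = "java.io.serializable"
+86 = "org.slf4j."
+87 = "org.jaxen."
+88 = "com.alibaba.citrus.springext.support.parser.abstractnamedproxybeandefinitionparser$proxytargetfactory"
+89 = "oracle.jms.aq"
+90 = "org.apache.xbean."
+91 = "org.apache.commons.collections.transformer"
+92 = "com.mysql.cj.jdbc.mysqlconnectionpooldatasource"
+93 = "org.apache.commons.collections4.comparators"
+94 = "org.apache.activemq.spring."
+95 = "oracle.jdbc."
+96 = "java.util.logging."
+97 = "oracle.net"
+98 = "org.apache.commons.collections.functors"
+99 = "org.codehaus.jackson."
+100 = "org.apache.commons.collections.functors."
+101 = "javax.naming."
+102 = "jdk.internal."
+103 = "org.apache.commons.jelly."
+104 = "org.apache.axis2.transport.jms."
+105 = "com.caucho."
+106 = "com.mysql.cj.jdbc.mysqldatasource"
+107 = "org.apache.xalan"
+108 = "org.geotools.filter.constantexpression"
+109 = "javax.management."
+110 = "java.awt.i"
+111 = "org.apache.activemq.jms.pool."
+112 = "org.apache.commons.fileupload"
+113 = "javassist."
+114 = "org.apache.ibatis.javassist."
+115 = "com.zaxxer.hikari."
+116 = "org.apache.logging."
+117 = "org.jdom2.transform."
+118 = "java.lang.cloneable"
+119 = "org.apache.commons.collections4.functors"
+120 = "javax.imageio.spi.serviceregistry"
+121 = "com.p6spy.engine."
+122 = "org.h2.jdbcx."
+123 = "com.alipay.custrelation.service.model.redress.pair"
+124 = "org.apache.bcel"
+125 = "org.apache.http.conn."
+126 = "org.apache.xpath.xpathcontext"
+127 = "java.lang.thread"
+128 = "java.util.serviceloader$lazyiterator"
+129 = "org.apache.commons.configuration"
+130 = "java.awt.p"
+131 = "org.apache.ibatis.ognl."
+132 = "org.apache.commons.collections4.transformer"
+133 = "org.apache.ignite.cache.jta."
+134 = "java.lang.class"
+135 = "java.net.url"
+136 = "java.lang.unixprocess"
+137 = "java.util.jar."
+138 = "org.mozilla.javascript"
+139 = "java.security.signedobject"
+140 = "sun.rmi.server.unicastref"
+141 = "javax.swing.j"
+142 = "org.osjava.sj."
+143 = "clojure.main$eval_opt"
+144 = "org.apache.ibatis.reflection."
+145 = "org.apache.http.auth."
+146 = "javax.print."
+147 = "org.aoju.bus.proxy.provider."
+148 = "com.alibaba.citrus.springext.util.springextutil.abstractproxy"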
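--- a/src/main/java/top/lz2y/impl/DemoServiceImpl.java
+++ b/src/main/java/top/lz2y/impl/DemoServiceImpl.java
@@ -0,0 +1,37 @@
+/*
+*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/
+
+package top.lz2y.impl;
+
+import org.apache.dubbo.rpc.RpcContext;
+import top.lz2y.service.DemoService;
+
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+public class DemoServiceImpl implements DemoService {
+
+@Override
+public String sayHello(String name) {
+System.out.println("[" + new SimpleDateFormat("HH:mm:ss").format(new Date()) + "] Hello " + name +
+", request from consumer: " + RpcContext.getContext().getRemoteAddress());
+return "Hello " + name + ", response from provider: " + RpcContext.getContext().getLocalAddress();
+}
+
+}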
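Review bot: `sayHello` concatenates the caller-supplied `name` straight into the `System.out.println` line and into the return value, so a remote consumer can embed line breaks in `name` and forge extra entries in the provider's console log. Neutralise them before use, for example `String safeName = String.valueOf(name).replaceAll("[\\r\\n]", "_");`, and build both strings from `safeName`. The class and method also carry no Javadoc; a short comment stating that this is a demo provider which echoes the name and logs the consumer's remote address would tell a reader that the service is only a test target.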