2024.5.16
I didn't expect this environment to still have so many users, so I've updated it: it is now packaged as a jar and can be run with Docker: docker compose up -d
Vulnerability environment: heapdump leaks the Shiro key, leading to RCE
Shiro deserialization is an unfixable vulnerability: as long as you have the Shiro key, you can exploit it. See https://xz.aliyun.com/t/11908 for the full write-up.
After starting the vulnerability environment, you can see that the Shiro version is 1.8.0:
Access /actuator/heapdump on port 8080 to download the heapdump file:
Extract the Shiro key from the heapdump:
Vulnerability exploited successfully:
Restart the server and extract the Shiro key again. You can see that the key has changed, because a new key is randomly generated every time the server starts:
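As an added defender-side example (not part of this lab's own code), the following Python detector scans constructed access-log lines for requests to /actuator/heapdump and similar memory- or secret-leaking actuator endpoints. A successful (2xx) download means the Shiro key held in memory should be treated as leaked until the service is restarted, which is when a new key is generated. The combined-log format, the sample lines and the endpoint list are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (combined log format); not taken from the lab.
SAMPLE_LOG = """\
10.0.0.5 - - [16/May/2024:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [16/May/2024:10:01:09 +0000] "GET /actuator/heapdump HTTP/1.1" 200 73400320 "-" "python-requests/2.31"
10.0.0.9 - - [16/May/2024:10:01:30 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "curl/8.0"
10.0.0.9 - - [16/May/2024:10:02:15 +0000] "GET /ACTUATOR/heapdump/ HTTP/1.1" 404 0 "-" "curl/8.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status, response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Actuator endpoints that expose process memory or configuration secrets (assumed list).
SENSITIVE_ACTUATOR = {"heapdump", "env", "threaddump"}


def classify(line):
    """Return (ip, endpoint, status, size) when the line targets a sensitive actuator
    endpoint, otherwise None. Case and trailing slashes are normalised so that
    /ACTUATOR/heapdump/ is treated the same as /actuator/heapdump."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = urlsplit(m["path"]).path.lower().rstrip("/")
    parts = path.split("/")
    if len(parts) >= 3 and parts[1] == "actuator" and parts[2] in SENSITIVE_ACTUATOR:
        size = 0 if m["size"] == "-" else int(m["size"])
        return (m["ip"], parts[2], int(m["status"]), size)
    return None


def find_heapdump_exposure(log_text):
    """Split hits into every attempt and the subset that succeeded (2xx).
    A successful heapdump download is the point at which the Shiro key must be
    assumed compromised; restarting the service rotates the key."""
    attempts, leaks = [], []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        attempts.append(hit)
        if 200 <= hit[2] < 300:
            leaks.append(hit)
    return {"attempts": attempts, "leaks": leaks}


if __name__ == "__main__":
    for ip, endpoint, status, size in find_heapdump_exposure(SAMPLE_LOG)["leaks"]:
        print(f"LEAK: {ip} downloaded /actuator/{endpoint} ({size} bytes, HTTP {status})")
```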