Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function #116

Closed
1979139113 opened this issue Nov 16, 2021 · 0 comments

Comments

@1979139113
Copy link

Just download a plugin and intercept your data package.

image

data package like this

image

modify the JAR just downloaded, join the malicious code in the startup class.

image

then modify the parameter host to the malicious JAR file download address

image

after download, malicious code will be executed

image


Download Record

image

@94fzb 94fzb closed this as completed Apr 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants