PerfreeBlog implements its extension plug-in function based on SpringBoot and pf4j. After a plug-in is developed, it is packaged as a jar, which can be installed and used directly online through the plug-in management of the PerfreeBlog backend. If an attacker develops a plug-in containing malicious code, uploading that plug-in causes the malicious code to be parsed and can trigger command execution.
affected version
<= v3.1.2
vulnerability analysis
1. Download the latest PerfreeBlog running package and decompress it. After decompression, run start.bat.
2. Access the Web service, then initialize the database and the administrator account.
3. Make a plug-in with malicious code. For plug-in development refer to: https://perfree.gitee.io/plugin-develop/create.html. The malicious code is as follows: the calculator pops up when admin/plugin/access/list is accessed.
4. Upload the plug-in and run it.
5. Access the admin/plugin/access/list interface; the malicious code executes successfully.
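The steps above amount to "upload a jar, the code in it runs in the blog's JVM". Whatever one thinks of the severity, the practical control an operator can apply is to triage a plug-in jar before installing it. The following is an added example, not PerfreeBlog or pf4j code: it reads the pf4j manifest attributes (Plugin-Id, Plugin-Class, Plugin-Version are pf4j's manifest keys) and walks the constant pool of every class file in the jar, flagging references such as java/lang/Runtime or java/lang/ProcessBuilder that a blog plug-in should not need. The sample jar is constructed in memory from a hand-built class-file header and constant pool; the benign/malicious split, the class names and the plugin id are invented for the demonstration.

```python
"""Triage a pf4j plug-in jar before installation (added example, not project code)."""
import io
import struct
import zipfile

# Constant-pool strings that a blog plug-in should rarely need. A hit means
# "reject and inspect by hand", not a definitive verdict.
SUSPICIOUS_REFS = (
    "java/lang/Runtime",
    "java/lang/ProcessBuilder",
    "javax/script/ScriptEngine",
    "java/net/URLClassLoader",
)

# Fixed payload size per constant-pool tag (JVM spec 4.4); tag 1 (Utf8) is variable.
_CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
             15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def utf8_constants(class_bytes: bytes) -> list[str]:
    """Return every CONSTANT_Utf8 entry of a class file's constant pool."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack(">H", class_bytes[8:10])   # constant_pool_count
    pos, idx, out = 10, 1, []
    while idx < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:
            (length,) = struct.unpack(">H", class_bytes[pos:pos + 2])
            out.append(class_bytes[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in _CP_SIZES:
            pos += _CP_SIZES[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1   # Long and Double occupy two slots
    return out


def triage_plugin_jar(jar_bytes: bytes) -> dict:
    """Summarise the pf4j manifest and flag suspicious references per class file."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = jar.read("META-INF/MANIFEST.MF").decode()
        # Simplified: ignores 72-byte continuation lines of real manifests.
        meta = dict(line.split(": ", 1) for line in manifest.splitlines() if ": " in line)
        findings = {}
        for name in jar.namelist():
            if name.endswith(".class"):
                hits = sorted({ref for s in utf8_constants(jar.read(name))
                               for ref in SUSPICIOUS_REFS if ref in s})
                if hits:
                    findings[name] = hits
    return {"plugin_id": meta.get("Plugin-Id"), "plugin_class": meta.get("Plugin-Class"),
            "findings": findings, "verdict": "reject" if findings else "review"}


def _class_with_constants(entries) -> bytes:
    """Constructed sample: class-file header plus constant pool only (the scanner
    stops after the pool, so fields/methods are omitted)."""
    body, slots = b"", 0
    for tag, value in entries:
        if tag == 1:                                   # Utf8
            raw = value.encode()
            body += bytes([1]) + struct.pack(">H", len(raw)) + raw
            slots += 1
        elif tag == 5:                                 # Long, two slots
            body += bytes([5]) + struct.pack(">q", value)
            slots += 2
        else:                                          # index-only entries
            body += bytes([tag]) + b"".join(struct.pack(">H", v) for v in value)
            slots += 1
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, slots + 1) + body


def build_sample_jar(malicious: bool) -> bytes:
    """Constructed plug-in jar; the malicious variant references Runtime.exec."""
    entries = [(1, "com/example/HelloPlugin"), (7, (1,))]
    if malicious:
        entries += [(1, "java/lang/Runtime"), (7, (3,)), (1, "exec"),
                    (1, "(Ljava/lang/String;)Ljava/lang/Process;"), (12, (5, 6)),
                    (10, (4, 7)), (5, 0), (1, "calc")]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\nPlugin-Id: hello-plugin\n"
                     "Plugin-Version: 1.0.0\nPlugin-Class: com.example.HelloPlugin\n")
        jar.writestr("com/example/HelloPlugin.class", _class_with_constants(entries))
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_plugin_jar(build_sample_jar(malicious=True)))
    print(triage_plugin_jar(build_sample_jar(malicious=False)))
```

A clean scan yields "review", not "accept": pf4j loads the plug-in into the same JVM with the application's privileges, so reflection, deserialization or a later dependency can reach the same APIs without naming them in a constant pool. The scan is a cheap filter for the obvious case; the real control is restricting who can reach the plug-in upload in the backend and installing only jars from a source you trust.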
"it is packaged as a jar package, which can be directly installed and used online through the plug-in management of PerfreeBlog background"
So how is this a vulnerability? It requires admin access and then uses intended functionality. It's a trusted interface, so if an admin wants to run arbitrary code, there are likely other intended ways to do that as well, no?