Description
Successfully built and run the project locally
Enter the background to deploy management: This system supports the function of remotely deploying applications to third-party services. The original intention of designing this project should be to better maintain and manage remote services
The implementation point of this RCE is the upload interface. First, edit the remote server (I open the local ssh server to simulate the remote server)
Here you need to ensure that the link can be successful
Then add a new application, as shown below:(Modify the application name to malicious attack payload)
Then deploy and upload files with one click to achieve the purpose of RCE
At this point the vulnerability will be successfully executed on the target server
Here is the data package for the vulnerability exploit
At the code level, the checkFile function is called during the first remote deployment to detect whether the deployment file exists and determine whether it is the first deployment. When the checkFile function is executed, a problem occurs at the internal command splicing point, which allows us to modify the application name to a malicious instruction and achieve RCE on the third-party target server.
