RCE in production server
voice kolai
abhikaf at gmail.com
Fri Mar 10 00:57:45 EST 2017
Hello team,
This is pretty bad. The production web app is running as root, and anyone
can get access to the system using the recent Apache Struts 2 RCE in Atlassian
Bamboo.
Proof of concept:
Run the given python file.
[cmd]>>id
uid=0(root) gid=0(root) groups=0(root)
[cmd]>>uname -a
Linux e370b9fb4a9e 4.5.5-x86_64-linode69 #3 SMP Fri May 20 15:25:13 EDT
2016 x86_64 GNU/Linux
Although Atlassian messed up here, you guys shouldn't run the application
as root. :-)
I have contacted Atlassian as well regarding this issue.
Thanks,
Abhi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20170309/831cb718/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin.py
Type: text/x-python-script
Size: 1637 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20170309/831cb718/attachment.bin>
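The report's second point, that the web app should not be running as root, is the kind of thing worth checking routinely rather than discovering from an exploit. The following audit script is an added example, not code from the original message or from the pidgin.py attachment. It assumes the Linux `ss -tlnp` output format and Linux `/proc/<pid>/status` for the effective UID; the sample socket listing and PID-to-UID map below are constructed for illustration, with port 8085 chosen because it is Bamboo's default HTTP port.

```python
"""Audit listening network services for processes running as root.

Added example (not from the original report or its pidgin.py attachment).
It parses `ss -tlnp` style output, resolves the effective UID of each
listening process, and reports those that run as uid 0 so they can be
moved to a dedicated, unprivileged service account.
"""
import re
import subprocess
from pathlib import Path
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

# Matches the process annotation ss prints, e.g. users:(("java",pid=1234,fd=12))
_PROC_RE = re.compile(r'\("(?P<comm>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')

# Constructed sample of `ss -tlnp` output (assumed format, not captured
# from the reported host). Port 8085 is Bamboo's default HTTP port.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:8085        0.0.0.0:*          users:(("java",pid=1234,fd=12))
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*          users:(("postgres",pid=777,fd=6))
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=901,fd=3))
"""

# Constructed PID -> effective UID map standing in for /proc on a real host.
SAMPLE_UIDS: Dict[int, int] = {1234: 0, 777: 26, 901: 0}


def parse_ss_listeners(ss_output: str) -> List[Tuple[str, str, int]]:
    """Return (local_address, command, pid) for every listening socket."""
    listeners = []
    for line in ss_output.splitlines()[1:]:  # first line is the header
        cols = line.split()
        if len(cols) < 5:
            continue
        local_addr = cols[3]  # "Local Address:Port" column
        for m in _PROC_RE.finditer(line):
            listeners.append((local_addr, m.group("comm"), int(m.group("pid"))))
    return listeners


def proc_uid_from_status(pid: int, proc_root: str = "/proc") -> Optional[int]:
    """Read the effective UID from /proc/<pid>/status; None if the process is gone."""
    try:
        text = Path(proc_root, str(pid), "status").read_text()
    except OSError:
        return None
    for line in text.splitlines():
        if line.startswith("Uid:"):
            # Fields: real, effective, saved set-user-ID, filesystem UID
            return int(line.split()[2])
    return None


def find_root_listeners(
    ss_output: str,
    uid_lookup: Callable[[int], Optional[int]],
    allow: Iterable[str] = (),
) -> List[dict]:
    """List listening processes whose effective UID is 0.

    `allow` names commands that legitimately need root (e.g. sshd) so the
    report only surfaces application servers that should be de-privileged.
    """
    allowed: Set[str] = set(allow)
    findings, seen = [], set()
    for addr, comm, pid in parse_ss_listeners(ss_output):
        if comm in allowed or (pid, addr) in seen:
            continue
        if uid_lookup(pid) == 0:
            seen.add((pid, addr))
            findings.append({"pid": pid, "comm": comm, "local": addr})
    return findings


if __name__ == "__main__":
    # On a live Linux host, read the real socket table and /proc.
    live = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True)
    for f in find_root_listeners(live.stdout, proc_uid_from_status, allow={"sshd"}):
        print(f"pid {f['pid']} ({f['comm']}) listens on {f['local']} as root")
```

On the constructed sample, only the Java process on 8085 is reported once `sshd` is allow-listed; a hit there is the cue to run the application under its own account and let a reverse proxy or capability such as `CAP_NET_BIND_SERVICE` handle any privileged port.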