Quequnlong Shiyi-Blog Deserialization Vulnerability in Job Handler Component Allowing Remote Command Execution
Vulnerability
A deserialization vulnerability has been identified in Quequnlong Shiyi-Blog versions through 1.2.1. The issue resides in the Job Handler component, specifically within the SysJobController.java file. The component deserializes untrusted data without proper validation, which allows remote execution of system commands. A proof-of-concept exploit for this vulnerability has been made public.
Impact
Exploitation of this vulnerability allows for remote command execution on the server where Shiyi-Blog is hosted.
Reproduction
To reproduce this vulnerability, access the 'Scheduled tasks' section in the administrator monitoring center. Once there, add a new task and fill in the 'Call Method' field with a payload that exploits the deserialization flaw, such as one that uses SnakeYAML to load a malicious Java object. After submitting the task, the injected command will be executed on the server.
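One way to constrain the 'Call Method' field described above is to accept only allowlisted targets before a task is saved or run. This is an added example, not Shiyi-Blog's own code; the `bean.method(args)` format, the class name `CallMethodValidator` and every bean and method name in it are assumptions.

```java
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: allowlist check for a scheduled task's 'Call Method' value.
// The "bean.method(args)" format and all bean/method names are assumptions.
public class CallMethodValidator {
    // Hypothetical allowlist: bean name -> methods a task may call.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
        "blogTask", Set.of("refreshCache", "syncViews"),
        "backupTask", Set.of("run"));

    // One simple bean name, one method name, then a parenthesised argument list.
    private static final Pattern CALL =
        Pattern.compile("^([A-Za-z_]\\w*)\\.([A-Za-z_]\\w*)\\((.*)\\)$");

    // Arguments limited to numbers, booleans and short plain quoted strings.
    private static final Pattern ARG =
        Pattern.compile("^(-?\\d+[LD]?|true|false|'[\\w \\-]{0,64}')$");

    public static boolean isAllowed(String callMethod) {
        if (callMethod == null) return false;
        Matcher m = CALL.matcher(callMethod.trim());
        if (!m.matches()) return false;  // rejects package-qualified class targets
        Set<String> methods = ALLOWED.get(m.group(1));
        if (methods == null || !methods.contains(m.group(2))) return false;
        String args = m.group(3).trim();
        if (args.isEmpty()) return true;
        for (String arg : args.split(",")) {
            if (!ARG.matcher(arg.trim()).matches()) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "blogTask.refreshCache()",
            "backupTask.run('nightly', 3)",
            "blogTask.deleteAll()",
            "com.example.Loader.load('data')",
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "ALLOW  " : "REJECT ") + s);
        }
    }
}
```

The check belongs on the server side at both task creation and task execution, so that entries already stored in the task table are also covered.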
