Antabot White-Jotter Unauthenticated Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Antabot White-Jotter, all versions prior to commit 9bcadc. This vulnerability arises from improper access control in the Shiro configuration, combined with unsafe log4j usage, allowing unauthenticated users to execute arbitrary commands.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the server where White-Jotter is hosted.

Reproduction

To reproduce this vulnerability, send a POST request to '/api/aaa;/../register' with a payload that includes a username formatted as a JNDI LDAP injection (pointing to a local LDAP server) and other required registration details. After the user is registered, log in using the injected username to obtain a session cookie. Finally, access an admin endpoint, such as '/api/admin/content/article', to trigger the command execution via the injected JNDI payload.

Added: Oct 24, 2025, 4:34 PM
Updated: Oct 24, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.