1. 极安网首页
  2. 网络安全技术

Apache Shiro Servlet未授权访问浅析(CVE-2020-1957)

简介

CVE-2020-1957,Spring Boot中使用Apache Shiro进行身份验证、权限控制时,可以精心构造恶意的URL,利用Apache Shiro和Spring Boot对URL的处理的差异化,可以绕过Apache Shiro对Spring Boot中的Servlet的权限控制,越权并实现未授权访问

环境

  • Java(TM) SE Runtime Environment (build 1.8.0_112-b16)
  • Apache Shiro 1.5.1
  • Spring Boot 1.5.22.RELEASE

项目代码可以通过threedr3am师傅项目进行魔改,加深理解

https://github.com/threedr3am/learnjavabug

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.22.RELEASE</version>
    <relativePath/>
  </parent>

  <modelVersion>4.0.0</modelVersion>
  <artifactId>cve-2020-1957</artifactId>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <source>7</source>
          <target>7</target>
        </configuration>
      </plugin>
    </plugins>
  </build>

  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <version>1.5.1</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.5.1</version>
    </dependency>
  </dependencies>

</project>

本文转载:先知社区,不代表 极安网 立场,转载请注明出处:https://secvery.com/659.html