{"id":1189,"date":"2022-12-15T15:07:47","date_gmt":"2022-12-15T07:07:47","guid":{"rendered":"https:\/\/blog.langsasec.cn\/?p=1189"},"modified":"2022-12-15T15:09:19","modified_gmt":"2022-12-15T07:09:19","slug":"%e6%bc%8f%e6%b4%9e%e5%a4%8d%e7%8e%b0-cve-2016-4437","status":"publish","type":"post","link":"https:\/\/blog.langsasec.cn\/index.php\/2022\/12\/15\/%e6%bc%8f%e6%b4%9e%e5%a4%8d%e7%8e%b0-cve-2016-4437\/","title":{"rendered":"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0"},"content":{"rendered":"<h2><span class=\"ez-toc-section\" id=\"%e6%bc%8f%e6%b4%9e%e6%a6%82%e8%bf%b0\"><\/span>\u6f0f\u6d1e\u6982\u8ff0<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Apache Shiro 1.2.4\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff08CVE-2016-4437\uff09<\/p>\n<p>Apache Shiro\u662f\u4e00\u6b3e\u5f00\u6e90\u5b89\u5168\u6846\u67b6\uff0c\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u3001\u5bc6\u7801\u5b66\u548c\u4f1a\u8bdd\u7ba1\u7406\u3002Shiro\u6846\u67b6\u76f4\u89c2\u3001\u6613\u7528\uff0c\u540c\u65f6\u4e5f\u80fd\u63d0\u4f9b\u5065\u58ee\u7684\u5b89\u5168\u6027\u3002<\/p>\n<p>Apache Shiro 1.2.4\u53ca\u4ee5\u524d\u7248\u672c\u4e2d\uff0c\u52a0\u5bc6\u7684\u7528\u6237\u4fe1\u606f\u5e8f\u5217\u5316\u540e\u5b58\u50a8\u5728\u540d\u4e3aremember-me\u7684Cookie\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528Shiro\u7684\u9ed8\u8ba4\u5bc6\u94a5\u4f2a\u9020\u7528\u6237Cookie\uff0c\u89e6\u53d1Java\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8fdb\u800c\u5728\u76ee\u6807\u673a\u5668\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%e7%8e%af%e5%a2%83%e6%90%ad%e5%bb%ba\"><\/span>\u73af\u5883\u642d\u5efa<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u73af\u5883\u642d\u5efa\u5b8c\u6bd5\uff0c\u8bbf\u95eehttp:\/\/192.168.0.140:8080\/\uff0c\u5f97\u5230\u5982\u4e0b\u9875\u9762<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/258547570b0287d4a195568c61fcedce07cd23cb.png\" alt=\"image-20221213154855869\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"%e6%bc%8f%e6%b4%9e%e5%8f%91%e7%8e%b0\"><\/span>\u6f0f\u6d1e\u53d1\u73b0<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u8bbf\u95ee\u9875\u9762\u8f93\u5165\u4efb\u610f\u8d26\u53f7\u5bc6\u7801\uff08\u5982\uff1aadmin\/admin\uff09\u8fdb\u884c\u767b\u5f55\uff0c\u6293\u53d6\u6570\u636e\u5305\u3002\u5f53\u53d1\u73b0\u6570\u636e\u5305\u8fd4\u56de\u7684\u5185\u5bb9\u5b58\u5728\u5982\u4e0b\u7279\u5f81\uff0c<strong>Set-Cookie: rememberMe=deleteMe;<\/strong>\u5c31\u53ef\u80fd\u5b58\u5728\u8be5\u6f0f\u6d1e<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/4cf8a25e6c57fe17f0b0584c3d00c766c48ee060.png\" alt=\"image-20221213155118608\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe1\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"%e6%bc%8f%e6%b4%9e%e5%88%a9%e7%94%a8\"><\/span>\u6f0f\u6d1e\u5229\u7528<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u4f7f\u7528\u5de5\u5177shiro\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u7efc\u5408\u5229\u7528\u5de5\u5177 v2.2<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/df5c9836360fb68868bba7565d0da97e97b9d4fa.png\" alt=\"image-20221213154802615\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe2\" \/><\/p>\n<p>1\u3001\u4f7f\u7528\u65b9\u5f0f<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/9207cb5330801bd20811f24bd42ed340c07ec792.png\" alt=\"image-20221213155525934\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe3\" \/><\/p>\n<p>2\u3001\u63a2\u6d4b\u5982\u4e0b<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/71437a72afdbe20a43aa43a5b835b2fb1d9d6f63.png\" alt=\"image-20221213155604278\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe4\" \/><\/p>\n<p>3\u3001\u547d\u4ee4\u6267\u884c<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/af8dda1c3f439221a8b1e86fad0be173b42aa992.png\" alt=\"image-20221213155834685\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe5\" \/><\/p>\n<p>4\u3001\u6ce8\u5165\u5185\u5b58\u9a6c<\/p>\n<p><img decoding=\"async\" src=\"C:\\Users\\Mach\\AppData\\Roaming\\Typora\\typora-user-images\\image-20221213162409340.png\" alt=\"image-20221213162409340\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe6\" \/><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/5f239ffe214abb9e203ec68868fa1c7e1f2453dc.png\" alt=\"image-20221213155959363\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe7\" \/><\/p>\n<p>\u4f7f\u7528\u51b0\u874e\u8fdb\u884c\u8fde\u63a5<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/fe4dd7136c73ecffd6e81e2abe4bc132a3e497da.png\" alt=\"image-20221213162532969\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe8\" \/><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/99072d93baf85b2d72384388f5f3bea4ba5b1af8.png\" alt=\"image-20221213162414745\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe9\" \/><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/eff03fbc74105b421d9b00b9cdcc4616be48ebdd.png\" alt=\"image-20221213162322503\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe10\" \/><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.hdslb.com\/bfs\/album\/324b857aba8369d36b3a70875a9bdcfa0991f6e9.png\" alt=\"image-20221213162456274\" title=\"CVE-2016-4437\u6f0f\u6d1e\u590d\u73b0\u63d2\u56fe11\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"%e6%89%80%e7%94%a8%e5%b7%a5%e5%85%b7\"><\/span>\u6240\u7528\u5de5\u5177<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<blockquote>\n<p>\u56fe\u4e2d\u6240\u7528\u5de5\u5177\u4e3a\u56e2\u961f\u539f\u521b\uff0c\u5173\u6ce8\u6d6a\u98d2sec\u56de\u590d<code>AK4\u5b89\u5168\u96c6\u88c5\u7bb1<\/code>\u83b7\u53d6\u4e0b\u8f7d\u5730\u5740\u3002\u65b0\u7248\u672c\u8fd1\u671f\u53d1\u5e03\uff0c\u656c\u8bf7\u671f\u5f85\u3002<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>\u6f0f\u6d1e\u6982\u8ff0 Apache Shiro 1.2.4\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff08CVE-2016-4437\uff09 Apache Shi [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-1189","post","type-post","status-publish","format-standard","hentry","category-vulfx"],"_links":{"self":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1189"}],"version-history":[{"count":2,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1189\/revisions"}],"predecessor-version":[{"id":1191,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1189\/revisions\/1191"}],"wp:attachment":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}