Shulou(Shulou.com)05/31 Report--

What this article shares with you is about how to reproduce the loopholes in Nexus Repository Manager 3 remote command execution. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Introduction to 0x00

Nexus, whose full name is Nexus Repository Manager, is a product of Sonatype. It is a powerful warehouse manager that greatly simplifies the maintenance of internal warehouses and access to external warehouses.

It is mainly used to build maven private servers within the company. But its function is not only to create a maven private warehouse, but also can be used as a private warehouse for nuget, docker, npm, bower, pypi, rubygems, git lfs, yum, go, apt and so on.

Overview of 0x01 vulnerabilities

In Nexus Repository Manager OSS/Pro 3.21.1 and previous versions, due to improper handling of functional security somewhere, an authorized attacker could remotely execute arbitrary malicious code on the server by constructing a malicious HTTP request to gain system privileges. Exploitation of this vulnerability requires an attacker to have any type of account privileges.

0x02 affects version

Nexus Repository Manager OSS/Pro 3.x

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.