[Java unserialization] Spring-tx.jar反序列化漏洞分析 - lightless blog
Tags
attack-pattern: Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID bcb4cc9e-e58b-471c-bedb-162128704474
Fingerprint 68bb4779b836260c
Analysis status DONE
Considered CTI value 0
Text language
Published July 20, 2024, midnight
Added to db Jan. 18, 2023, 9:57 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline lightless blog
Title [Java unserialization] Spring-tx.jar反序列化漏洞分析 - lightless blog
Detected Hints/Tags/Attributes 10/1/28
Source URLs
Redirection Url
Details Source https://lightless.me/archives/java-unserialization-spring-tx.html
URL Provider
Details Provider Source level domain
Details lightless.me lightless.me
Attributes
Details Type #Events CTI Value
Details Domain 138 
java.io
Details Domain 1 
lightless.me
Details Domain 3 
server.java
Details Domain 60 
java.net
Details Domain 1 
zerothoughts.tumblr.com
Details Domain 16 
www.anquanke.com
Details Domain 23 
paper.seebug.org
Details Email 1 
root@lightless.me
Details File 1 
spring-tx.jar
Details File 11 
io.obj
Details File 1 
序列化并写入文件payload.bin
Details File 44 
payload.bin
Details File 1 
从文件payload.bin
Details File 3 
server.java
Details File 312 
calc.exe
Details File 10 
rmi.reg
Details File 5 
registry.bin
Details File 1 
zerothoughts.tum
Details File 1 
ibm.java
Details File 1 
80.doc
Details File 1 
orb_xmp_server.html
Details IPv4 1441 
127.0.0.1
Details Url 3 
http://127.0.0.1:8090
Details Url 1 
http://zerothoughts.tumblr.com/post/137769010389/fun-with-jndi-remote-code-injection
Details Url 1 
http://zerothoughts.tumblr.com/post/137831000514/spring-framework-deserialization-rce
Details Url 1 
https://www.ibm.com/support/knowledgecenter/zh/ssyke2_8.0.0/com.ibm.java.lnx.80.doc/diag/understanding/orb_xmp_server.html
Details Url 1 
https://www.anquanke.com/post/id/87031
Details Url 1 
https://paper.seebug.org/312