Analysis of the Pre-Auth RCE Vulnerability in ForgeRock AM (CVE-2021-35464)

/ccversion/Version
com.sun.identity.console.version.VersionViewBean
private static final List<String> FALLBACK_CLASS_WHITELIST = Arrays.asList(
    "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction",
    "com.sun.identity.console.base.model.SMSubConfig",
    "com.sun.identity.console.service.model.SMDescriptionData",
    "com.sun.identity.console.service.model.SMDiscoEntryData",
    "com.sun.identity.console.session.model.SMSessionData",
    "com.sun.identity.shared.datastruct.OrderedSet",
    "com.sun.xml.bind.util.ListImpl",
    "com.sun.xml.bind.util.ProxyListImpl",
    "java.lang.Boolean",
    "java.lang.Integer",
    "java.lang.Number",
    "java.lang.String",
    "java.net.InetAddress",
    "java.util.ArrayList",
    "java.util.Collections$EmptyMap",
    "java.util.Collections$SingletonList",
    "java.util.HashMap",
    "java.util.HashSet",
    "org.forgerock.openam.dpro.session.NoOpTokenRestriction",
    "org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction");
  • /ccversion/ButtonFrame
  • /ccversion/Masthead
  • /ccversion/Version

Jang
