Apache Dubbo Deserialization Vulnerability (CVE-2020-1948)
1. Environment setup
1.1 Docker lab environment
docker pull dsolab/dubbo:cve-2020-1948
docker run -d -p 12345:12345 dsolab/dubbo:cve-2020-1948
Access port 12345 to confirm that the environment is up.
1.2 Install Maven
Download it from the official site
https://maven.apache.org/download.cgi
Extract
After extracting, go into apache-maven-3.8.6/conf and create the local repository directory /m2/repository
cd apache-maven-3.8.6
cd conf
mkdir -p /m2/repository
Delete the entire contents of settings.xml and replace them with the following
vim settings.xml
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
<localRepository>/m2/repository</localRepository>
<pluginGroups>