Dubbo is an open source, high-performance service framework developed by Alibaba Inc. that enables applications to perform input and output functions via high-performance RPC, and can seamlessly integrate with the Spring framework. Dubbo has an unauthorized access vulnerability due to improper configuration.
Execute mvn clean package -Dmaven.test.skip=true, and the following results will be generated:
In the dubbo-2.5.x/dubbo-simple/dubbo-monitor-simple/target directory, you will find dubbo-monitor-simple-2.5.10-assembly.tar.gz generated, extract this folder.
Check the configuration file, and you will see that the dubbo protocol port is 7070.
Connect to port 7070 with nc, port 7070 allows you to perform various management tasks, such as checking the status of the registry, listing available services, and viewing the log level of the registry.
[root@localhost dubbo-monitor-simple-2.5.10]# nc 127.0.0.1 7070
ls
com.alibaba.dubbo.monitor.MonitorService
dubbo>help
Please input "help [command]" show detail.
status [-l] - Show status.
pwd - Print working default service.
trace [service] [method] [times] - Trace the service.
exit - Exit the telnet.
help [command] - Show help.
invoke [service.]method(args) - Invoke the service method.
count [service] [method] [times] - Count the service.
clear [lines] - Clear screen.
ls [-l] [service] - List services and methods.
log level - Change log level or show log
ps [-l] [port] - Print server ports and connections.
cd [service] - Change default service.
dubbo>status
OK
dubbo>pwd
/
If the service has command execution capability, the "invoke" command may execute commands as the "invoke" command is used to invoke specific service methods.
