Java RMI Codebase Remote Code Execution¶

中文版本(Chinese version)

Java Remote Method Invocation (RMI) is used for remote procedure calls in Java. Under certain conditions, an RMI client can specify java.rmi.server.codebase to make the server load remote objects, leading to the execution of arbitrary Java bytecode on the server.

References:

• https://docs.oracle.com/javase/7/docs/technotes/guides/rmi/codebase.html
• https://paper.seebug.org/1091/

Environment Setup¶

Execute the following commands to compile and start the RMI Registry and server:

docker compose build
docker compose run -e RMIIP=your-ip -p 1099:1099 -p 64000:64000 rmi

Replace your-ip with your server's IP address. The client will use this IP to connect to the server.

After startup, the RMI Registry will be listening on port 1099.

Vulnerability Reproduction¶

To be completed.