XXL-JOB Remote Code Execution Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in XXL-JOB. This scanner identifies a security flaw that allows unauthenticated access to execute arbitrary commands, highlighting risks in task scheduling platforms.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 11 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
XXL-JOB is a widely used distributed task scheduling platform. It is employed across various business sectors for orchestrating and managing tasks efficiently. Known for its rapid development cycle and easy learning curve, it supports lightweight and scalable applications. Many companies use XXL-JOB to automate aspects of their online services, reducing manual effort and increasing operational effectiveness. The core components of XXL-JOB include the admin and executor interfaces, facilitating both backend management and task execution. As its source code is open, developers can customize and expand its functionalities to align with specific business needs.
The Remote Code Execution (RCE) vulnerability found in XXL-JOB allows attackers to execute arbitrary commands on affected servers. It arises because, by default, the task executor component enforces no authentication. Attackers can exploit this vulnerability through the executor's RESTful API, which lacks proper authentication checks, leading to unauthorized access. Such an exploit might be leveraged to install malicious software, delete files, or take control over the server environment. The potential impacts of this vulnerability highlight the importance of securing networked systems against unauthorized command execution. This issue underscores a critical need for robust security practices in software configurations.
Technically, the vulnerability is triggered by unprotected endpoints in the XXL-JOB executor, which accept task dispatches via POST requests to /run. An attacker can craft a JSON object with executable content in parameters such as "glueSource" and "executorHandler". Due to configuration oversights, the executor processes these requests without validation. The exploitation relies on script types such as "GLUE_SHELL" and "GLUE_POWERSHELL" within the payload, which the executor runs as remote commands. The presence of a hardcoded access token, "default_token", further simplifies unauthorized exploitation. Together these details describe the mechanism that enables arbitrary remote code execution through this vulnerability.
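The two conditions described above (a default or missing executor access token, and /run accepting inline GLUE_SHELL or GLUE_POWERSHELL scripts from anyone) can be checked from the defender's side. The following Python script is an added example written for this page, not code from the scanner or from the XXL-JOB project. It assumes the executor's property key is xxl.job.accessToken and that the admin sends the token in an XXL-JOB-ACCESS-TOKEN request header; both names are assumptions to verify against the deployed version. The configuration file and the request records are constructed sample data.

```python
import json
from ipaddress import ip_address, ip_network

# Assumed names (not from the scanner page): the executor property that holds the
# shared token and the request header the admin sends it in. Verify per version.
TOKEN_KEY = "xxl.job.accessToken"
TOKEN_HEADER = "XXL-JOB-ACCESS-TOKEN"
WEAK_TOKENS = {"", "default_token"}  # "default_token" is the hardcoded value the page names
RISKY_GLUE_TYPES = {"GLUE_SHELL", "GLUE_POWERSHELL"}


def check_executor_properties(text):
    """Return findings for an executor application.properties body (empty list = OK)."""
    token = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == TOKEN_KEY:
            token = value.strip()
    if token is None:
        return [f"{TOKEN_KEY} is unset: /run accepts unauthenticated requests"]
    if token in WEAK_TOKENS:
        return [f"{TOKEN_KEY} is the well-known value {token!r}: rotate it"]
    return []


def inspect_run_request(req, admin_networks, expected_token):
    """Classify one recorded executor request; returns a list of alert reasons."""
    if req["method"] != "POST" or req["path"] != "/run":
        return []
    reasons = []
    src = ip_address(req["src_ip"])
    # Only the admin component should ever dispatch jobs to the executor.
    if not any(src in ip_network(n) for n in admin_networks):
        reasons.append(f"/run called from non-admin address {src}")
    if req["headers"].get(TOKEN_HEADER) != expected_token:
        reasons.append("missing or wrong access token on /run")
    try:
        body = json.loads(req["body"])
    except ValueError:
        reasons.append("unparseable /run body")
        return reasons
    # Inline shell/PowerShell source is the payload shape the page describes.
    if body.get("glueType") in RISKY_GLUE_TYPES and body.get("glueSource"):
        reasons.append(f"inline {body['glueType']} script submitted to executor")
    return reasons


def triage(requests, admin_networks, expected_token):
    """Run inspect_run_request over a batch and keep the source address beside each result."""
    return [(r["src_ip"], inspect_run_request(r, admin_networks, expected_token))
            for r in requests]


# Constructed sample executor config still carrying the default token.
SAMPLE_PROPERTIES = """# constructed executor config
xxl.job.admin.addresses=http://admin.internal:8080/xxl-job-admin
xxl.job.accessToken=default_token
"""

# Constructed request records as a reverse proxy or WAF might log them.
SAMPLE_REQUESTS = [
    {   # legitimate admin dispatch of a compiled BEAN handler, rotated token
        "src_ip": "10.0.5.10", "method": "POST", "path": "/run",
        "headers": {TOKEN_HEADER: "s3cr3t-rotated"},
        "body": json.dumps({"jobId": 1, "executorHandler": "demoJobHandler",
                            "glueType": "BEAN"}),
    },
    {   # unknown host pushing an inline shell script with the default token
        "src_ip": "203.0.113.7", "method": "POST", "path": "/run",
        "headers": {TOKEN_HEADER: "default_token"},
        "body": json.dumps({"jobId": 2, "glueType": "GLUE_SHELL",
                            "glueSource": "echo constructed-sample"}),
    },
]

if __name__ == "__main__":
    for finding in check_executor_properties(SAMPLE_PROPERTIES):
        print("CONFIG:", finding)
    for src, reasons in triage(SAMPLE_REQUESTS, ["10.0.5.0/24"], "s3cr3t-rotated"):
        print(src, "OK" if not reasons else "; ".join(reasons))
```

The config check is the remediation side (set a unique token on both admin and executor), while the request triage is the detection side: even with a strong token, a /run call from outside the admin network or one carrying inline script source is worth an alert, because a legitimate deployment dispatches jobs only from the admin component.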
Potential effects of exploiting the RCE vulnerability in XXL-JOB include unauthorized control over server operations. Malicious actors could deploy, execute, and manipulate server resources at their discretion. This could result in data breaches, data loss, alteration of system configurations, or installation of backdoors for persistent access. Furthermore, the organization's services can be severely disrupted, leading to operational downtime and financial losses. Maintaining an insecure environment increases the likelihood of being targeted for further exploits and damages brand reputation. Prompt action and mitigation are essential to prevent such adverse outcomes in affected workflows and services.
REFERENCES