使用方法&免责声明
该脚本为Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)。
使用方法:Python CVE-2020-17519.py urls.txt
urls.txt 中每个url为一行,漏洞地址输出在vul.txt中
影响版本:
Apache Flink 1.11.0、1.11.1、1.11.2
工具仅用于安全人员安全测试,任何未授权检测造成的直接或者间接的后果及损失,均由使用者本人负责
Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)
Overview
You might also like...
Exploiting CVE-2021-42278 and CVE-2021-42287
noPac Exploiting CVE-2021-42278 and CVE-2021-42287 原项目noPac在实现上可能有点问题,导致在本地没有打通,于是参考sam-the-admin项目进行修改。 使用 pip3 install -r requirements.txt # GetShel
2 Jun 23, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202
500 Jan 6, 2023
Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384
CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv
20 Apr 7, 2022
CVE-2022-21907 - Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907
CVE-2022-21907 Description POC for CVE-2022-21907: Windows HTTP协议栈远程代码执行漏洞 creat
365 Nov 30, 2022
CVE-2022-22536 - SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536
CVE-2022-22536 SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22
49 Nov 9, 2022
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp
cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session
135 Dec 14, 2022
CVE-2022-22965 - CVE-2010-1622 redux
CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la
20 Aug 25, 2022
PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)
PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) This script allows to check and exploit missing authentication checks in
82 Nov 9, 2022
CVE 2020-14871 Solaris exploit
CVE 2020-14871 Solaris exploit This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems. The act
2 Oct 25, 2022
Comments
-
Help to reproduce
opened by gbossert 1First of all thank you for your work.
I would like to reproduce your findings in order to analyze network footprints of the exploitation (eventhough your code is crystal clear and could be enough). Unfortunately I cannot manage to reproduce this vulnerability.
Please find below my recipe: First shell:
docker run --rm --name=jobmanager --publish 8081:8081 --env FLINK_PROPERTIES="jobmanager.rpc.address: jobmanager" flink:1.11 jobmanagerSecond shell:
> $ touch urls.txt && echo "http://127.0.0.1:8081" > urls.txt && python3 cve.py urls.txt _______ ________ ___ ___ ___ ___ __ ______ _____ __ ___ / ____\ \ / / ____| |__ \ / _ \__ \ / _ \ /_ |____ | ____/_ |/ _ \ | | \ \ / /| |__ ______ ) | | | | ) | | | |______| | / /| |__ | | (_) | | | \ \/ / | __|______/ /| | | |/ /| | | |______| | / / |___ \ | |\__, | | |____ \ / | |____ / /_| |_| / /_| |_| | | | / / ___) || | / / \_____| \/ |______| |____|\___/____|\___/ |_|/_/ |____/ |_| /_/ [-]http://127.0.0.1:8081 None Check OverOf course I tried we a manually deployed fake file in
/opt/flink/log/flag.testwhich works (as intended by Flink developers) but I cannot fetch the content of/opt/flink/flag.testwith what I believe to be a proper path.Any suggestions ?
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)
ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -
130 Dec 15, 2022
Apache OFBiz rmi反序列化EXP(CVE-2021-26295)
Apache OFBiz rmi反序列化EXP(CVE-2021-26295) 目前仅支持nc弹shell 将ysoserial.jar放置在同目录下,py3运行,根据提示输入漏洞url,你的vps地址和端口 第二次使用建议删除exp.ot 本工具仅用于安全测试,禁止未授权非法攻击站点,否则后果自负
15 Nov 9, 2022
Apache Solr SSRF(CVE-2021-27905)
Solr-SSRF Apache Solr SSRF #Use [-] Apache Solr SSRF漏洞 (CVE-2021-27905) [-] Options: -h or --help : 方法说明 -u or --url
70 Nov 9, 2022
CVE-2021-41773 Path Traversal for Apache 2.4.49
CVE-2021-41773 Path Traversal for Apache 2.4.49
3 Oct 20, 2021
Fast python tool to test apache path traversal CVE-2021-41773 in a List of url
CVE-2021-41773 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url Usage :- create a live urls file and use the flag "-l" p
12 Nov 9, 2022
A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks
Log4j dork scanner This is an auto script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks. Installation:
5 Dec 27, 2022
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell) usage: python ProxyLogon.py --host=exchang
112 Dec 1, 2022
聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.
PocOrExp in Github 聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网 注意:只通过通用的CVE号聚合,因此对于MS17-010等Windows编号漏洞以及著名的有绰号的漏洞,还是自己检索一下比较好 Usage python3 exp.py -h usage: ex
567 Dec 30, 2022
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.
PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket
140 Dec 27, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it
867 Dec 22, 2022