CVE-2020-16846 PoC — SaltStack Salt 操作系统命令注入漏洞

Source

https://github.com/hamza-boudouche/projet-secu

Associated Vulnerability

Title:SaltStack Salt 操作系统命令注入漏洞 (CVE-2020-16846)
Description:SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt中的API 存在操作系统命令注入漏洞，该漏洞允许攻击者绕过限制，以提升其特权。

Description

CVE-2020-16846

File Snapshot


 [4.0K]  /data/pocs/22c1f0aca59bb3ec8fe7bc6dd669c390b33a8481
├── [ 217]  docker-compose.yml
├── [1.0K]  Dockerfile
├── [  40]  payload.sh
├── [4.0K]  resources
│   ├── [ 171]  master
│   └── [  40]  roster
└── [ 738]  salt_setup.sh

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!