CVE-2024-28255 PoC — OpenMetadata 安全漏洞

Source

Associated Vulnerability

Description

OpenMetadata_RCE (CVE-2024-28255)  Batch scan/exploit

Readme

OpenMetadata_RCE (CVE-2024-28255)	Batch scan/exploit
<br>  
<br>
<br>
1.このツールはセキュリティテストのみに使用されており、違法な攻撃については責任を負いません.
<br>
2.The tool is only used for security testing, and I am not responsible for any illegal attacks.
<br>
3.工具仅用于安全测试，任何非法攻击本人概不负责.
<br>
<br>
<br>
Help

Need to modify the DNS address in line 9 of the code.

```
python3 CVE-2024-28255.py --help

   _______      ________    ___   ___ ___  _  _        ___   ___ ___  _____ _____
  / ____\ \    / /  ____|  |__ \ / _ \__ \| || |      |__ \ / _ \__ \| ____| ____|
 | |     \ \  / /| |__ ______ ) | | | | ) | || |_ ______ ) | (_) | ) | |__ | |__
 | |      \ \/ / |  __|______/ /| | | |/ /|__   _|______/ / > _ < / /|___ \|___ \
 | |____   \  /  | |____    / /_| |_| / /_   | |       / /_| (_) / /_ ___) |___) |
  \_____|   \/   |______|  |____|\___/____|  |_|      |____|\___/____|____/|____/


                                                        PowerBy:YongYe_Security


usage: CVE-2024-28255.py [-h] (-u TARGET | -f FILE) [-t THREADS]

Python3 CVE-2024-28255.py -f url.txt -t 50

options:
  -h, --help  show this help message and exit
  -u TARGET   target URL
  -f FILE     target File
  -t THREADS  number of threads
```
<br>
<br>
All scan results will be saved in result.txt.
<br>
![image](https://github.com/YongYe-Security/CVE-2024-28255/blob/main/24_11-4-57-12-11-45.png)
<br>
<br>
The scanning results may not be accurate, for example: the target does not connect to the network, or the command does not exist.
<br>
![image](https://github.com/YongYe-Security/CVE-2024-28255/blob/main/24_12-4-2-12-01-704.png)

File Snapshot

 [4.0K]  /data/pocs/58431843da3c14342819f9beb04d5c8bebe1aa0d
├── [1.2M]  24_11-4-57-12-11-45.png
├── [463K]  24_12-4-2-12-01-704.png
├── [2.9K]  CVE-2024-28255.py
└── [1.7K]  README.md

0 directories, 4 files

Remarks