Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-16846 PoC — SaltStack Salt 操作系统命令注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/SaltStack%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2020-16846%2025592.md
Associated Vulnerability
Title:SaltStack Salt 操作系统命令注入漏洞 (CVE-2020-16846)
Description:SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt中的API 存在操作系统命令注入漏洞,该漏洞允许攻击者绕过限制,以提升其特权。
File Snapshot

 # SaltStack 未授权访问命令执行漏洞 CVE-2020-16846 25592

## 漏洞描述

2020年11月4日,SaltStack 官方发布了一则安全更新公告,其中CVE-2020

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.