CVE-2020-17518 PoC — Apache Flink 路径遍历漏洞

Source

https://github.com/rakjong/Flink-CVE-2020-17518-getshell

Associated Vulnerability

Title:Apache Flink 路径遍历漏洞 (CVE-2020-17518)
Description:Apache Flink是美国阿帕奇软件（Apache）基金会的一款开源的分布式流数据处理引擎。该产品主要使用Java和Scala语言编写。 Apache Flink 1.5.1 存在安全漏洞，该漏洞源于一个REST处理程序允许攻击者通过恶意修改的HTTP头将上传的文件写入到本地文件系统上的任意位置。

Description

利用Apache Flink CVE-2020-17518 getshell

Readme

# Flink-CVE-2020-17518-getshell
利用Apache Flink CVE-2020-17518 getshell

见：https://blog.rakjong.com/2021/01/10/flink-cve-2020-17518-getshell/

![shell_image](https://blog-1259438478.cos.ap-nanjing.myqcloud.com/post-picture1/post-h-1.png)

File Snapshot


 [4.0K]  /data/pocs/7b3ae1f1a6049666fdc40c46eb672546b089d2c5
├── [4.2K]  flink-getshell.py
└── [ 245]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!