CVE-2020-13151 PoC — Aerospike 操作系统命令注入漏洞

Source

https://github.com/b4ny4n/CVE-2020-13151

Associated Vulnerability

Title:Aerospike 操作系统命令注入漏洞 (CVE-2020-13151)
Description:Aerospike是美国Aerospike公司的一套NoSQL数据库解决方案。 Aerospike（社区版）4.9.0.5版本中存在安全漏洞。攻击者借助特制的UDF利用该漏洞以当前用户权限在该集群的所有节点上执行任意的操作系统命令。

Description

POC for CVE-2020-13151

Readme

# CVE-2020-13151 POC

## Aerospike Database (< 5.1.0.3) Host Command Execution

Full writeup @ https://b4ny4n.github.io/network-pentest/2020/08/01/cve-2020-13151-poc-aerospike.html

- `poc.lua` shows manual exploitation of the server

- `cve2020-13151.py` for automated exploitation

- `run-poc.sh` sets up a docker environment for local experimentation

File Snapshot


 [4.0K]  /data/pocs/7d25065ad3c200a7cb53f4200a192eac4502994d
├── [5.5K]  cve2020-13151.py
├── [1.7K]  poc.lua
├── [ 354]  README.md
└── [ 271]  run-poc.sh

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!