CVE-2020-16248 PoC — Prometheus Blackbox Exporter 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-16248.yaml

Associated Vulnerability

Title:Prometheus Blackbox Exporter 代码问题漏洞 (CVE-2020-16248)
Description:Prometheus Blackbox Exporter是美国Linux基金会发布的一款允许通过HTTP、HTTPS、DNS、TCP和ICMP对端点进行黑盒探测的黑盒导出器。 Prometheus Blackbox Exporter 0.17.0及之前版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Description

Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter.

File Snapshot


 id: CVE-2020-16248

info:
  name: Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!