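Related vulnerability
Title: Apache Kafka code issue vulnerability (CVE-2023-25194)
Description: Apache Kafka is an open-source distributed streaming platform from the Apache Software Foundation (USA). The platform can ingest real-time data and is used to build applications that react in real time to changes in data streams. Apache Kafka Connect contains a code issue vulnerability. No further information about this vulnerability is currently available; follow CNNVD or vendor announcements for updates.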
Description
CVE-2023-25194 Scan
Introduction
This tool is intended for security testing purposes only. Do not engage in any illegal activities. Any consequences resulting from misuse are solely your responsibility.
The CVE-2023-25194 detection tool uses JNDI and loads the response content returned by the DNS log platform to determine whether the vulnerability is present. The response-matching logic is based on response content that was received in tests where exploitation succeeded. Some responses show that the target connected to the DNS log platform, but they are ultimately ignored because those targets cannot be exploited.
```
python3 CVE-2023-25194_Scan.py -h
_______ ________ ___ ____ ___ _____ ___ _____________ __ __
/ ____/ | / / ____/ |__ \ / __ \__ \|__ / |__ \ / ____< / __ \/ // /
/ / | | / / __/________/ // / / /_/ / /_ <________/ //___ \ / / /_/ / // /_
/ /___ | |/ / /__/_____/ __// /_/ / __/___/ /_____/ __/____/ // /\__, /__ __/
\____/ |___/_____/ /____/\____/____/____/ /____/_____//_//____/ /_/
PowerBy:YongYe__Security
usage: CVE-2023-25194_Scan.py [-h] (-u URL | -f FILE)
Send POST requests to URLs
options:
-h, --help show this help message and exit
-u URL, --url URL URL, Single target detection
-f FILE, --file FILE URL File, Batch scan
```
Single target exploitation
```
python3 CVE-2023-25194_Scan.py -u http://127.0.0.1:8080
```

Batch target scanning
The URLs with vulnerabilities will be stored in the file "result.txt" in the current directory.
```
python3 CVE-2023-25194_Scan.py -f url.txt
```

If necessary, you can change the DNS log platform address on line 34 of the code. Leaving it unchanged does not affect the program's execution.
File snapshot
[4.0K] /data/pocs/98579a8b300fe13d0201d0d2a720c0d15ed46187
├── [ 10K] 1.png
├── [ 12K] 2.png
├── [589K] 3.png
├── [4.0K] CVE-2023-25194_Scan.py
├── [1.9K] README.md
└── [1.5K] Readme-zh-cn.md
0 directories, 6 files