CVE-2020-7012 PoC — Elasticsearch Kibana 代码注入漏洞

Source

https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Kibana%207.6.2%20upgrade-assistant-telemetry%20%E5%8E%9F%E5%9E%8B%E6%B1%A1%E6%9F%93%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%20CVE-2020-7012.md

Associated Vulnerability

Title:Elasticsearch Kibana 代码注入漏洞 (CVE-2020-7012)
Description:Elasticsearch Kibana是荷兰Elasticsearch公司的一套开源的、基于浏览器的分析和搜索Elasticsearch仪表板工具。 Elasticsearch Kibana 6.7.0版本至6.8.8版本和7.0.0版本至7.6.2版本中的Upgrade Assistant存在代码注入漏洞。攻击者可利用该漏洞在Kibana进程的上下文中执行代码。

File Snapshot


 # Kibana 7.6.2 upgrade-assistant-telemetry 原型污染导致远程代码执行 CVE-2020-7012

## 漏洞描述

Kibana 是 Elasticsear

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-7012 PoC — Elasticsearch Kibana 代码注入漏洞

Source

Associated Vulnerability

File Snapshot

Remarks