Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-11652 PoC — SaltStack Salt 路径遍历漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/SaltStack%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%86%99%E6%BC%8F%E6%B4%9E%20CVE-2020-11652.md
Associated Vulnerability
Title:SaltStack Salt 路径遍历漏洞 (CVE-2020-11652)
Description:SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt 3000.2之前的3000.x版本中的salt-master进程的ClearFuncs类存在路径遍历漏洞,该漏洞源于不正确的访问控制。远程攻击者可利用该漏洞访问任意目录。
File Snapshot

 # SaltStack 任意文件读写漏洞 CVE-2020-11652

## 漏洞描述

SaltStack 是基于 Python 开发的一套C/S架构配置管理工具。国外某安全团队披露了 SaltS

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.