关联漏洞
标题:
Kubernetes ingress-nginx 安全漏洞
(CVE-2025-1974)
描述:Kubernetes ingress-nginx是云原生计算基金会(Cloud Native Computing Foundation)开源的Kubernetes 的入口控制器,使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx存在安全漏洞,该漏洞源于在某些条件下,未认证的攻击者可通过访问pod网络在ingress-nginx控制器环境中执行任意代码,可能导致Secrets泄露。
介绍
# README
Talk is cheap, just look at the code.
Detailed can be found at https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
## Usage
1. Change the ip in `shell.c`
2. Check the docker is available and run `make shell.so`. (We need to build so in alpine to make sure it can works in nginx-ingress-controller which is base on musl-libc)
3. Run `python3 exploit.py` to get your shell.
> You may need to change the range at line 25 and 26, which indicates the range of the pid and fd. The default value is a compromise between the speed and the success rate.
> You can get the target value by running `kpexec -n ingress-nginx ingress-nginx-controller-xxxxxxxxx-xxxxx -it -- bash` to get into container by root and run `ls -ahl /proc/*/fd/* | grep body` in container, when you are in proofing env.
文件快照
[4.0K] /data/pocs/e7814e88877c910ff5241aab7e6ea44046e7c7e0
├── [ 328] build.sh
├── [2.2K] exploit.py
├── [ 100] Makefile
├── [ 183] pyproject.toml
├── [ 812] README.md
├── [1.8K] req.json
├── [ 425] req.yaml
├── [ 716] shell.c
└── [5.3K] uv.lock
0 directories, 9 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。