.. / CVE-2020-13937

Exploit for Apache Kylin - Exposed Configuration File (CVE-2020-13937)

Description:

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin’s configuration information without authentication.

Nuclei Template

View the template here CVE-2020-13937.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-13937.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-13937
https://s.tencent.com/research/bsafe/1156.html
https://github.com/Al1ex/CVE-2020-13937
https://lists.apache.org/thread.html/rc592e0dcee5a2615f1d9522af30ef1822c1f863d5e05e7da9d1e57f4%40%3Cuser.kylin.apache.org%3E
https://github.com/HimmelAward/Goby_POC
https://kylin.apache.org/docs/release_notes.html

.. / CVE-2020-13937 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache Kylin - Exposed Configuration File (CVE-2020-13937)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-13937