.. / CVE-2020-17518

Exploit for Apache Flink 1.5.1 - Local File Inclusion (CVE-2020-17518)

Description:

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER.

Nuclei Template

View the template here CVE-2020-17518.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-17518.yaml

References:

https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518
https://nvd.nist.gov/vuln/detail/CVE-2020-17518
https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cuser.flink.apache.org%3E

.. / CVE-2020-17518 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache Flink 1.5.1 - Local File Inclusion (CVE-2020-17518)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-17518