.. / CVE-2020-1956

Exploit for Apache Kylin 3.0.1 - Command Injection Vulnerability (CVE-2020-1956)

Description:

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.

Nuclei Template

View the template here CVE-2020-1956.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-1956.yaml

References:

https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706
https://nvd.nist.gov/vuln/detail/CVE-2020-1956
http://www.openwall.com/lists/oss-security/2020/07/14/1
https://www.sonarsource.com/blog/apache-kylin-command-injection-vulnerability/

.. / CVE-2020-1956 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache Kylin 3.0.1 - Command Injection Vulnerability (CVE-2020-1956)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-1956