[송정민/corin13]: jira CVE-2019-11581 code analysis and CVE-2019-3403/CVE-2020-14181 information disclosure vulnerabilities #176
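Hello. I am 송정민 from Class 10.
I am submitting the CVE-2019-11581, CVE-2019-3403, and CVE-2020-14181 vulnerabilities.
While initially working on CVE-2019-11581 from vulhub, I found a few vulnerabilities that are not in vulhub but can be demonstrated simply in the same environment, so I wrote them up as well.
(CVE-2019-3403, CVE-2020-14181)
As it happens, jira is not in the kr-vulhub list either, so I am requesting that it be added as well.
As for whoami, while following the PoC it was hard to tell intuitively whether the attack had actually succeeded, so I went as far as a reverse shell using the RCE.
In conclusion, Additions 1, 2, and 3 in the CVE-2019-11581 readme.md are not in the original vulhub PoC but were written additionally to aid understanding.
Please review. Thank you.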