CVE-2020-17518/17519: Apache Flink directory traversal vulnerability
Realize the collection of servers that exist in the flink framework and determine whether they are accessible
# 脚本功能:
# 从(主机资产)xxx.json中搜索使用Flink框架的服务器,提取并测试其8081端口是否开启可访问
#
import json
import requests
# flink_list = [] # 存放具有flink的服务器
# valid_flink = [] # 存放可访问的flink
# 搜索使用Flink框架的服务器
def search_flink():
with open(r'D:\xxx.json', 'r') as f:
d = json.load(f)
#print(type(d)) # 确定好操作的是json对象还是python 数据类型
for i in range(1691):
if d[i].get("key_name", 0): # 判断当前数组字典中是否存在key
if "flink" in d[i]["key_name"]:
flink_list.append(d[i]["ip"])
print(flink_list)
# 提取并测试其8081端口是否开启可访问
def request_flink(length):
for i in range(length):
try:
r = requests.get('http://' + flink_list[i] + ':8081', timeout=3)
if "Apache Flink" in r.text:
valid_flink.append(flink_list[i]+ ':8081')
except Exception as e:
print('this is an error:',e)
print(valid_flink)
if __name__ == "__main__":
flink_list = [] # 存放具有flink的服务器
valid_flink = [] # 存放可访问的flink
search_flink()
length = len(flink_list)
request_flink(length)
Vulnerability reproduction:
CVE-2020-17518
CVE-2020-17519