2020-09-15 19:25:55 +00:00
|
|
|
id: cve-2019-7609
|
2020-08-15 18:10:27 +00:00
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Kibana Timelion Arbitrary Code Execution
|
|
|
|
|
author: dwisiswant0
|
|
|
|
|
severity: critical
|
|
|
|
|
|
|
|
|
|
# Kibana versions before 5.6.15 and 6.6.1
|
|
|
|
|
# contain an arbitrary code execution flaw in the Timelion visualizer.
|
|
|
|
|
# An attacker with access to the Timelion application could send a request
|
|
|
|
|
# that will attempt to execute javascript code.
|
|
|
|
|
# This could possibly lead to an attacker executing arbitrary commands
|
|
|
|
|
# with permissions of the Kibana process on the host system.
|
|
|
|
|
# --
|
|
|
|
|
# References:
|
|
|
|
|
# - https://github.com/mpgn/CVE-2019-7609
|
|
|
|
|
|
|
|
|
|
requests:
|
|
|
|
|
- method: POST
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/api/timelion/run"
|
2020-08-15 20:37:25 +00:00
|
|
|
- "{{BaseURL}}:5601/api/timelion/run"
|
2020-08-15 18:10:27 +00:00
|
|
|
headers:
|
|
|
|
|
User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55"
|
|
|
|
|
Content-Type: "application/json; charset=utf-8"
|
|
|
|
|
body: "{\"sheet\":[\".es(*)\"],\"time\":{\"from\":\"now-1m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Asia/Shanghai\"}}"
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- "seriesList"
|
|
|
|
|
part: body
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- "Content-Type: application/json"
|
|
|
|
|
part: header
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 200
|
