CVE-2020-35191 PoC — Docker Images Official Drupal 访问控制错误漏洞

Source

https://github.com/megadimenex/MegaHiDocker

Associated Vulnerability

Title:Docker Images Official Drupal 访问控制错误漏洞 (CVE-2020-35191)
Description:The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Description

This project is exploit for some docker containers with similar to vulnerability code: CVE-2020-35191

Readme

# MegaHiDocker
This project will be exploited for some docker containers with similar vulnerability code: CVE-2020-35191, but this time on other containers.

# => Please read the Description.txt file


# Requirement:

1.Need to Install docker in your Linux AND Install subprocess module for python 3.X.

2.You need pull the your containers and next run this code(e.g: docker pull <your container>)
  
  
# The Impact Of Vulnerability:
  
1.CVSS: 9.8 Critical
  
2.Impact Code execution: True
  
3.Impact Denial of Service: True
  
4.Impact of Privilege Escalation: True
  
5.Impact Information Disclosur: True
  
6.Affected Component: /etc/shadow
  
# Impact on Software: 
solr
  
kasmweb/core-nvidia-focal
  
bitnami/phppgadmin
  
bitnami/cassandra
  
bitnami/prometheus
  
bitnami/alertmanager
  
bitnami/geode

File Snapshot


 [4.0K]  /data/pocs/6cb0c440ee36b9ad9a6cd7ec33ec7cd78bf39073
├── [3.5K]  Description.txt
├── [1.0K]  LICENSE
├── [5.4K]  MegaHiDocker.py
└── [ 816]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!