Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-13151 PoC — Aerospike 操作系统命令注入漏洞

Source
https://github.com/b4ny4n/CVE-2020-13151
Associated Vulnerability
Title:Aerospike 操作系统命令注入漏洞 (CVE-2020-13151)
Description:Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.
Description
POC for CVE-2020-13151
Readme
# CVE-2020-13151 POC

## Aerospike Database (< 5.1.0.3) Host Command Execution

Full writeup @ https://b4ny4n.github.io/network-pentest/2020/08/01/cve-2020-13151-poc-aerospike.html

- `poc.lua` shows manual exploitation of the server

- `cve2020-13151.py` for automated exploitation

- `run-poc.sh` sets up a docker environment for local experimentation
File Snapshot

 [4.0K]  /data/pocs/7d25065ad3c200a7cb53f4200a192eac4502994d
├── [5.5K]  cve2020-13151.py
├── [1.7K]  poc.lua
├── [ 354]  README.md
└── [ 271]  run-poc.sh

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →