CVE-2020-1956 PoC — Apache Kylin OS Command Injection Vulnerability

Associated Vulnerability
Title: Apache Kylin OS Command Injection Vulnerability (CVE-2020-1956)
Description: Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
Description
CVE-2020-1956
Readme
# CVE-2020-1956
CVE-2020-1956 Apache Kylin exploits

Kylin 2.3.0-2.3.2, Kylin 2.4.0-2.4.1, Kylin 2.5.0-2.5.2, Kylin 2.6.0-2.6.5, Kylin 3.0.0-alpha, Kylin 3.0.0-alpha2, Kylin 3.0.0-beta, Kylin 3.0.0-3.0.1

and

admin competence
File Snapshot

[4.0K] /data/pocs/b228e9fc62ca47277c043bd54ce605ff8d577f2c
├── [3.2K] CVE-2020-1956_v2.0.py
└── [ 220] README.md

0 directories, 2 files