CVE-2020-17519

This repository contains a Python-based scanner for detecting Apache path traversal vulnerabilities, specifically CVE-2020-17519, CVE-2021-41773, and CVE-2021-42013. It includes modules for handling requests, threading, and file operations to test multiple targets efficiently.

This is a Python-based proof-of-concept for CVE-2020-17519, an Apache Flink directory traversal vulnerability. It checks for the presence of the vulnerability by attempting to read /etc/passwd via a crafted URL path.

This repository provides a detailed proof-of-concept for CVE-2020-17519, an arbitrary file read vulnerability in Apache Flink's RESTful API. The exploit leverages path traversal via a maliciously crafted GET request to read sensitive files on the JobManager's filesystem.

This PoC exploits CVE-2020-17519, a directory traversal vulnerability in Apache Flink's REST API, allowing unauthorized file reads. It uses a crafted URI with multiple encoded traversal sequences to access arbitrary files on the target system.

This PoC exploits CVE-2020-17519, a directory traversal vulnerability in Apache Flink, allowing arbitrary file read via path traversal in the `/jobmanager/logs` endpoint. The script sends a crafted HTTP request to read `/etc/passwd` and checks for the presence of 'root' in the response.

This repository provides a Cheetah language-based scanner for CVE-2020-17519, designed for batch scanning. It requires an IP list file and integration with the Wker main program for execution.

This is a Python-based directory traversal exploit for CVE-2020-17519, targeting Apache Flink's JobManager logs endpoint. It allows attackers to read arbitrary files on the server by manipulating traversal sequences and supports multi-threading, proxy usage, and response saving.

This is a Metasploit auxiliary module that exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2, allowing arbitrary file read with web server privileges. The module sends a crafted HTTP GET request with traversal sequences to read sensitive files like /etc/passwd.

This repository appears to be a fork of Apache Flink with documentation and build scripts, but no actual exploit code for CVE-2020-17519 is present in the provided files. The README and documentation focus on building and contributing to Apache Flink rather than demonstrating the vulnerability.

This Go-based exploit targets CVE-2020-17519, a directory traversal vulnerability in Apache Flink's REST API. It attempts to read /etc/passwd via path traversal sequences and checks for common system user entries to confirm exploitation.

This PoC exploits a directory traversal vulnerability in Apache Flink (CVE-2020-17519) by crafting a URL with encoded traversal sequences to access the /etc/passwd file. It sends an HTTP GET request and checks for the presence of 'root:x' in the response to confirm vulnerability.

This repository provides a scanner for CVE-2020-17519, which affects Apache Flink versions 1.11.0, 1.11.1, and 1.11.2. The vulnerability allows attackers to read/write remote files via REST API.

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink's JobManager REST API, allowing arbitrary file retrieval. It validates the target version and retrieves specified files via path traversal.

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink, allowing arbitrary file read with web server privileges. It sends a crafted GET request to traverse directories and read the specified file.

This repository contains a functional Metasploit auxiliary module that exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2, allowing arbitrary file read with web server privileges. The exploit uses URL-encoded traversal sequences to bypass path sanitization and retrieve sensitive files like /etc/passwd.