Apache Druid Kafka Connect - Remote Code Execution

By kannthu

Severity: High
Vidoc Module
Tags: #cve #cve2023 #apache #druid #kafka
Description

What is "Apache Druid Kafka Connect - Remote Code Execution"?

The "Apache Druid Kafka Connect - Remote Code Execution" module is designed to detect a vulnerability in Apache Druid Kafka Connect that allows remote code execution. Apache Druid Kafka Connect is software that enables data ingestion from Apache Kafka into Apache Druid. The vulnerability is rated high severity and can allow an authenticated remote attacker to run arbitrary code on the system.

Author: j4vaovo

Impact

If exploited, this vulnerability can enable an attacker to execute arbitrary code on the targeted system. This can lead to unauthorized access, data breaches, and potential compromise of the entire system.

How does the module work?

The module sends a specific HTTP request to the target system, attempting to exploit the vulnerability in Apache Druid Kafka Connect. The request is a POST request to the "/druid/indexer/v1/sampler?for=connect" endpoint with specific headers and payload.

Matching conditions:

- The "interactsh_protocol" part of the request must not contain the word "dns".
- The request body must contain the word "RecordSupplier".
- The response status code must be 400.

If all the matching conditions are met, the module will report the vulnerability.
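
For defenders, the request described above can be hunted in web or proxy access logs. The following is an added example, not part of the Vidoc module: it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, parse_qs

# Endpoint and query parameter come from the module description above.
SAMPLER_PATH = "/druid/indexer/v1/sampler"

# Assumed layout: common/combined access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(raw_path):
    """Percent-decode and collapse repeated slashes so trivial variants still match."""
    path = re.sub(r"/{2,}", "/", unquote(raw_path))
    return path.rstrip("/") or "/"

def find_sampler_posts(lines):
    """Return one record per POST to the sampler endpoint with for=connect."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Split by hand: urlsplit would read a leading "//" as a host name.
        raw_path, _, query = m["target"].partition("?")
        if normalize_path(raw_path) != SAMPLER_PATH:
            continue
        if "connect" not in parse_qs(query).get("for", []):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": status,
            # The module reports only when the response status is 400.
            "status_matches_module": status == 400,
        })
    return hits

# Constructed sample lines (documentation IP ranges), not from a real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2023:10:01:02 +0000] "POST /druid/indexer/v1/sampler?for=connect HTTP/1.1" 400 512 "-" "-"',
    '198.51.100.4 - - [12/Mar/2023:10:02:10 +0000] "GET /druid/indexer/v1/sampler?for=connect HTTP/1.1" 405 0 "-" "-"',
    '203.0.113.9 - - [12/Mar/2023:10:03:44 +0000] "POST /druid/indexer/v1/%73ampler?for=connect HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.4 - - [12/Mar/2023:10:04:00 +0000] "POST /druid/indexer/v1/sampler?for=index HTTP/1.1" 200 77 "-" "-"',
    '192.0.2.55 - - [12/Mar/2023:10:05:31 +0000] "POST /druid//indexer/v1/sampler/?for=connect HTTP/1.1" 400 512 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_sampler_posts(SAMPLE_LOG):
        print(hit)
```

A hit whose status is not 400 is still worth reviewing, since it shows the sampler endpoint was reached with `for=connect` from that client.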

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: dns and
word: RecordSupplier and
status: 400
Passive global matcher
No matching conditions.
On match action
Report vulnerability