By kannthu
The "Apache Druid Kafka Connect - Remote Code Execution" module is designed to detect a vulnerability in Apache Druid Kafka Connect that allows remote code execution. Apache Druid Kafka Connect is software that enables data ingestion from Apache Kafka into Apache Druid. This vulnerability has a high severity level and can potentially allow an authenticated remote attacker to run arbitrary code on the system.
Author: j4vaovo
If exploited, this vulnerability can enable an attacker to execute arbitrary code on the targeted system. This can lead to unauthorized access, data breaches, and potential compromise of the entire system.
The module sends a specific HTTP request to the target system, attempting to exploit the vulnerability in Apache Druid Kafka Connect. The request is a POST request to the "/druid/indexer/v1/sampler?for=connect" endpoint with specific headers and payload.
Matching conditions:
- The "interactsh_protocol" part of the request must not contain the word "dns".
- The request body must contain the word "RecordSupplier".
- The response status code must be 400.

If all the matching conditions are met, the module will report the vulnerability.
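
As a defender-side complement to the request described above, the following added example (not part of the module or of the original page) scans web access logs for POST requests to the sampler endpoint with `for=connect` and notes whether the response status was the 400 the module matches on. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SAMPLER_PATH = "/druid/indexer/v1/sampler"

# Common/combined log format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding dict for a sampler?for=connect POST, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    parts = urlsplit(m["target"])
    # Normalise percent-encoding and duplicate/trailing slashes before comparing.
    path = re.sub(r"/+", "/", unquote(parts.path)).rstrip("/")
    if path != SAMPLER_PATH:
        return None
    if "connect" not in parse_qs(parts.query).get("for", []):
        return None
    status = int(m["status"])
    return {
        "ip": m["ip"],
        "time": m["ts"],
        "status": status,
        # 400 is the response status the module's matcher looks for.
        "matches_module_status": status == 400,
    }

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "POST /druid/indexer/v1/sampler?for=connect HTTP/1.1" 400 512
198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "POST /druid/indexer/v1//sampler/?x=1&for=connect HTTP/1.1" 400 498
203.0.113.20 - - [12/Mar/2024:10:02:00 +0000] "POST /druid/indexer/v1/sampler?for=kafka HTTP/1.1" 200 2048
203.0.113.20 - - [12/Mar/2024:10:02:09 +0000] "GET /druid/indexer/v1/sampler?for=connect HTTP/1.1" 405 0
192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "POST /druid/indexer/v1/%73ampler?for=connect HTTP/1.1" 200 130
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A hit is a request to review alongside its source and the account that made it, not proof of exploitation on its own.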