{"id":66692,"date":"2023-05-02T15:13:32","date_gmt":"2023-05-02T07:13:32","guid":{"rendered":"https:\/\/version-2.com\/?p=66692"},"modified":"2024-09-13T16:31:19","modified_gmt":"2024-09-13T08:31:19","slug":"cve-2021-45456-apache-kylin-rce-exploit","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2023\/05\/cve-2021-45456-apache-kylin-rce-exploit\/","title":{"rendered":"CVE-2021-45456 Apache Kylin RCE Exploit"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"66692\" class=\"elementor elementor-66692\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max\" width=\"1800\" height=\"1013\" \/>\n\n<div data-v-85c4bf60=\"\" data-v-0bbc59dc=\"\" class=\"news-detail-inner-content\"><h1>Introduction<\/h1><p><\/p><p>This is an exploitation script written in Python to exploit #Apache #Kylin Command Injection #CVE-2021-45456 and get RCE.<\/p><p><\/p><p>You can find the script here: <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/github.com\/mhzcyber\/CVE-Analysis\/blob\/main\/CVE-2021-45456\/CVE-2021-45456Exploit.py\">https:\/\/github.com\/mhzcyber\/CVE-Analysis\/blob\/main\/CVE-2021-45456\/CVE-2021-45456Exploit.py<\/a><\/p><p><\/p><p>To understand more about the CVE, you can check the previous PoC and Analysis blog that we published.<\/p><ul><li><p><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.vicarius.io\/vsociety\/blog\/cve-2021-45456-apache-kylin-rce-poc\">https:\/\/www.vicarius.io\/vsociety\/blog\/cve-2021-45456-apache-kylin-rce-poc<\/a><\/p><\/li><li><p><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.vicarius.io\/vsociety\/blog\/cve-2021-45456-apache-kylin-command-injection\">https:\/\/www.vicarius.io\/vsociety\/blog\/cve-2021-45456-apache-kylin-command-injection<\/a><\/p><\/li><\/ul><p><\/p><h1>Testing Lab<\/h1><p><\/p><p>The lab here is the same as the one mentioned in the analysis blog, but we will add a minor modification.<\/p><p>Since this is a docker container, it&#8217;s minimalized with the requirements only to run the solution.<\/p><p>Usually, we have more features to abuse in the system, for example, netcat or nc, so we are going to install nc.<\/p><p><\/p><ul><li><p>Access the container using the following command:<\/p><\/li><\/ul><p><code>sudo docker exec -it container_id bash<\/code><\/p><ul><li><p>Install nc<\/p><\/li><\/ul><p><code>yum install nc -y<\/code><\/p><p><\/p><h1>Exploitation Script<\/h1><p><\/p><p>We are going to start by explaining the script<\/p><p><\/p><ul><li><p>The script starts with defining the libraries <\/p><\/li><\/ul><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3m0qjy0np60jn53v6h7c6k.png\"><p><\/p><h3>create_project function<\/h3><p><\/p><ul><li><p>After that, we have the <code>create_project<\/code> function, where we create a project and inject the malicious payload.<\/p><\/li><\/ul><p>The function takes the following args <code>host, lhost, lport, username, password<\/code><\/p><p>Those args are entered by the user when running the script.<\/p><p>This line checks if there is &#8220;.&#8221; in the lhost and removes them.<\/p><p>so if the lhost is 172.17.0.2 the result is 1721702<\/p><p><\/p><pre><code>if \".\" in lhost:\n        lhost = lhost.replace(\".\", \"\")<\/code><\/pre><p><\/p><p>structuring the URL<\/p><p><\/p><p><code>url = f\"http:\/\/{host}\/kylin\/api\/projects\"<\/code><\/p><p><\/p><p>takes the username and password and encodes them with base64 to create basic auth.<\/p><p><\/p><p><code>auth_header = f\"Basic {base64.b64encode(f'{username}:{password}'.encode('ascii')).decode('ascii')}\"<\/code><\/p><p><\/p><p>Structuring the headers, and the project data which includes the name, description ..etc, we have also the project_desc_data with is the project data but in a JSON format<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3m5uv20np30jp3gkjy9ze3.png\"><p><\/p><p>Proxy setting to be able to intercept the requests from the script<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3m7ktv0nte0jn51tex2y7u.png\"><p><\/p><p>Send the HTTP request, and check for the error message if the project already existed.<\/p><p>If the HTTP code is 200 which means the request success<\/p><p>It will retrieve the jsessionid<\/p><p>If there&#8217;s some other error it will be printed and it will return none<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3m91ej0nuc0jn55wgf2xpm.png\"><p><\/p><h3>trigger_diagnosis function<\/h3><p><\/p><p>The function takes those args <code>host, jsessionid, lhost, lport<\/code><\/p><p>all entered by the user except jessionid returned from <code>create_project<\/code> function.<\/p><p>Structuring the project_name i.e. the malicious payload, the URL to trigger the exploitation, and the headers.<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3ma1180nux0jn5hvh5cbyp.png\"><p><\/p><p>Proxy setting to be able to intercept the requests from the script<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mavmt0nva0jn5gsm166hv.png\"><p><\/p><p>Send the request, if it&#8217;s 200 OK, it will print &#8220;[+] Request is successful.&#8221;<\/p><p>otherwise, it will print the error code.<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mcb140nw60jn5egw3gfip.png\"><p><\/p><p>Here&#8217;s a banner with usage instructions and example.<\/p><p>Unless there are 5 args entered, the tool will exit.<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mdm1b0ntt0jp3arze400u.png\"><p><\/p><p>The returned value of jsessionid from <code>create_project<\/code> function is stored in the variable <code>jsessionid<\/code><\/p><p><\/p><p>it checks if jsessionid variable is not none and has the value false, it runs the <code>trigger_diagnosis<\/code> function. otherwise, it will quit.<\/p><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mf65x0nun0jp3a3m8bdz5.png\"><p><\/p><h1>Run the exploitation script<\/h1><p><\/p><p>I&#8217;m going to run the exploit and use the proxy to intercept the requests in burpsuite demonstrating better understanding.<\/p><p><\/p><ul><li><p>This is the  <code>create_project<\/code> function request<\/p><\/li><\/ul><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mg3200nv30jp37pszcdlm.png\"><p><\/p><ul><li><p>This is the <code>trigger_diagnosis<\/code> function request<\/p><\/li><\/ul><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mgqgi0nyz0jn5adfed7ca.png\"><p><\/p><ul><li><p>Received a connection and gained access<\/p><\/li><\/ul><p><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mhf3t0nzk0jn5cbav61yc.png\"><p><\/p><p>Video of the exploitation tool from here:<br><br><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/youtu.be\/gg8Qrs-zo_E\">https:\/\/youtu.be\/gg8Qrs-zo_E<\/a><\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"39690\" class=\"elementor elementor-39690\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p class=\"wp-block-paragraph\"><b>About VRX<\/b><br><b>VRX&nbsp;<\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Introduction This is an exploitation script written in  [&hellip;]<\/p>","protected":false},"author":148637484,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,1075,61],"tags":[1076,477],"class_list":["post-66692","post","type-post","status-publish","format-standard","hentry","category-vrx","category-year2023","category-press-release","tag-1076","tag-vrx"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2021-45456 Apache Kylin RCE Exploit - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2021-45456 Apache Kylin RCE Exploit - Version 2\" \/>\n<meta property=\"og:description\" content=\"Introduction This is an exploitation script written in [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-02T07:13:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-13T08:31:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"versionpan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"versionpan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/05\\\/cve-2021-45456-apache-kylin-rce-exploit\\\/\"},\"author\":{\"name\":\"versionpan\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\"},\"headline\":\"CVE-2021-45456 Apache Kylin RCE Exploit\",\"datePublished\":\"2023-05-02T07:13:32+00:00\",\"dateModified\":\"2024-09-13T08:31:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/05\\\/cve-2021-45456-apache-kylin-rce-exploit\\\/\"},\"wordCount\":506,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max\",\"keywords\":[\"2023\",\"vRx\"],\"articleSection\":[\"vRx\",\"2023\",\"Press Release\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/05\\\/cve-2021-45456-apache-kylin-rce-exploit\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce\",\"name\":\"CVE-2021-45456 Apache Kylin RCE Exploit - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max\",\"datePublished\":\"2023-05-02T07:13:32+00:00\",\"dateModified\":\"2024-09-13T08:31:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2021-45456 Apache Kylin RCE Exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\",\"name\":\"versionpan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"caption\":\"versionpan\"},\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/versionpan\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2021-45456 Apache Kylin RCE Exploit - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce","og_locale":"en_US","og_type":"article","og_title":"CVE-2021-45456 Apache Kylin RCE Exploit - Version 2","og_description":"Introduction This is an exploitation script written in [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce","og_site_name":"Version 2","article_published_time":"2023-05-02T07:13:32+00:00","article_modified_time":"2024-09-13T08:31:19+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"versionpan","twitter_card":"summary_large_image","twitter_misc":{"Written by":"versionpan","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#article","isPartOf":{"@id":"https:\/\/version-2.com\/2023\/05\/cve-2021-45456-apache-kylin-rce-exploit\/"},"author":{"name":"versionpan","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8"},"headline":"CVE-2021-45456 Apache Kylin RCE Exploit","datePublished":"2023-05-02T07:13:32+00:00","dateModified":"2024-09-13T08:31:19+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2023\/05\/cve-2021-45456-apache-kylin-rce-exploit\/"},"wordCount":506,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max","keywords":["2023","vRx"],"articleSection":["vRx","2023","Press Release"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2023\/05\/cve-2021-45456-apache-kylin-rce-exploit\/","url":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce","name":"CVE-2021-45456 Apache Kylin RCE Exploit - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max","datePublished":"2023-05-02T07:13:32+00:00","dateModified":"2024-09-13T08:31:19+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clh3mq3ba0o6y0jn573829ddg.png?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"CVE-2021-45456 Apache Kylin RCE Exploit"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8","name":"versionpan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","caption":"versionpan"},"url":"https:\/\/version-2.com\/en\/author\/versionpan\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-hlG","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/66692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/148637484"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=66692"}],"version-history":[{"count":6,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/66692\/revisions"}],"predecessor-version":[{"id":69377,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/66692\/revisions\/69377"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=66692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=66692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=66692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}