admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Dapr Dashboard configurations 未授权访问漏洞 CVE-2022-38817.md

33 lines
767 B
Markdown
Raw Normal View History

更新漏洞库:Web应用漏洞/
2022-10-17 17:17:13 +08:00
# Dapr Dashboard configurations 未授权访问漏洞 CVE-2022-38817
## 漏洞描述
Dapr Dashboard 存在 未授权访问漏洞在未经授权的情况下获取云上redis、mongodb、rabbitmq等应用的明文配置信息并可以进一步利用这些配置信息获取云上的敏感数据
## 漏洞影响
```
Dapr Dashboard
```
## FOFA
```
"Dapr Dashboard"
```
## 漏洞复现
主页面
![image-20221017171042042](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210171710081.png)
验证POC
```
/configurations
```
![image-20221017171055193](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210171710235.png)
![image-20221017171111046](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210171711095.png)
Reference in New Issue Copy Permalink