admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/中间件漏洞/Apache ShenYu dashboardUser 账号密码泄漏漏洞 CVE-2021-37580.md

32 lines
645 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# Apache ShenYu dashboardUser 账号密码泄漏漏洞 CVE-2021-37580
## 漏洞描述
Apache ShenYu Admin爆出身份验证绕过漏洞攻击者可通过该漏洞绕过JSON Web Token (JWT)安全认证,直接进入系统后台。 Apache ShenYu 是应用于所有微服务场景的,可扩展、高性能、响应式的 API 网关解决方案。
## 漏洞影响
```
Apache ShenYu 2.3.0
Apache ShenYu 2.4.0
```
## 网络测绘
```
title=="ShenYu Gateway"
```
## 漏洞复现
登录页面
![image-20220525161442379](images/202205251614427.png)
验证POC
```
/dashboardUser
```
![image-20220525161531420](images/202205251615480.png)
Reference in New Issue Copy Permalink