admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

add Consul_Service_API_RCE

Browse Source
This commit is contained in:
gobysec 2021-07-16 10:22:41 +08:00
parent fb0f444be4
commit ebd9b74e44
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Consul/Consul_Service_API_RCE/Consul_Service_API_RCE.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 680 KiB

9
Consul/Consul_Service_API_RCE/README.md Normal file
View File

@ -0,0 +1,9 @@
# Consul Service API RCE
Under a specific configuration, a malicious attacker can remotely execute commands on the Consul server without authorization by sending a carefully constructed HTTP request.
**FOFA query rule**: [title="Consul by HashiCorp" || protocol="consul(http)"](https://fofa.so/result?qbase64=dGl0bGU9IkNvbnN1bCBieSBIYXNoaUNvcnAiIHx8IHByb3RvY29sPSJjb25zdWwoaHR0cCki)
# Demo
![](Consul_Service_API_RCE.gif)