add Scrapyd Unauthorized Access RCE

gobysec 2021-07-29 15:01:53 +08:00
parent 70eab3eceb
commit edb4438a6a
2 changed files with 9 additions and 0 deletions

Scrapyd/README.md Normal file

@ -0,0 +1,9 @@
# Scrapyd Unauthorized Access RCE
Scrapyd is a cloud service provided by the crawler framework scrapy. Users can deploy their own scrapy package to the cloud service, which is listening on port 6800 by default. If an attacker can access this port, he will be able to deploy malicious code to the server and gain server permissions.
**FOFA query rule**: [title=="Scrapyd"](https://fofa.so/result?qbase64=dGl0bGU9PSJTY3JhcHlkIg%3D%3D)
# Demo
![](Scrapyd_Unauthorized_Access_RCE.gif)
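
Review bot: The description paragraph states the impact (anyone who can reach port 6800 can deploy code to the server) but the README stops there and gives a reader no way to close the exposure. Suggest adding a short remediation section after the description: keep the Scrapyd port off untrusted networks (bind it to loopback or firewall it) and require authentication in front of the deploy interface. Two style points in the same hunk: the description and the **FOFA query rule** line have no blank line between them, so they render as a single paragraph, and `# Demo` is a second top-level heading where `## Demo` would sit correctly under the title.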

Binary file not shown.