mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 10:16:59 +00:00
Consul Service API RCE
Under a specific configuration, a malicious attacker can remotely execute commands on the Consul server without authorization by sending a carefully constructed HTTP request.
FOFA query rule: title="Consul by HashiCorp" || protocol="consul(http)"
Demo
