mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-06 10:41:40 +00:00
425 B
425 B
Consul Service API RCE
Under a specific configuration, a malicious attacker can remotely execute commands on the Consul server without authorization by sending a carefully constructed HTTP request.
FOFA query rule: title="Consul by HashiCorp" || protocol="consul(http)"
Demo
