admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update JumpServer未授权漏洞.md

Browse Source
This commit is contained in:
wy876 2023-10-26 20:33:25 +08:00 committed by GitHub
parent c95c75f5d6
commit cd6aa33dc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
JumpServer未授权漏洞.md
View File

@ -9,6 +9,11 @@
```
icon_hash="-1162630024"
```
## Hunter
```
app.name="JumpServer"
```
## POC
JumpServer 是一款开源的堡垒机。 在JumpServer受影响版本中由于/api/v1/terminal/sessions/接口没有添加权限认证,未授权的攻击者可以通过访问/api/v1/terminal/sessions/?limit=1获取堡垒机terminal的session信息