
GitHub - fengwenhua/CVE-2021-37580: PoC for CVE-2021-37580

 2 years ago
source link: https://github.com/fengwenhua/CVE-2021-37580

CVE-2021-37580

PoC for CVE-2021-37580

0x00 Vulnerability principle

Vulnerability principle: Apache ShenYu Admin bypass JWT authentication CVE-2021-37580

0x01 Single URL

Usage: python3 CVE-2021-37580.py -u url -n username.txt

shenyu-admin-2.4.0, which is vulnerable, looks like this:

shenyu-admin-2.4.1, which is not vulnerable, looks like this:

0x02 Batch URL detection

Usage: python3 CVE-2021-37580.py -f url.txt -n username.txt

0x03 Script errors

If the script fails at runtime with this error:

AttributeError: module 'jwt' has no attribute 'encode'

Run the following commands:

python3 -m pip uninstall jwt
python3 -m pip uninstall pyjwt
python3 -m pip install pyjwt==1.5.3 --user
