11
GitHub - fengwenhua/CVE-2021-37580: CVE-2021-37580的poc
source link: https://github.com/fengwenhua/CVE-2021-37580
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
CVE-2021-37580
CVE-2021-37580 的 poc
0x00 漏洞原理
漏洞原理:# Apache ShenYu Admin bypass JWT authentication CVE-2021-37580
0x01 单个url
Usage: python3 CVE-2021-37580.py -u url -n username.txt
shenyu-admin-2.4.0
的,有漏洞的如下:
shenyu-admin-2.4.1
的,没有漏洞的如下:
0x02 批量url检测
Usage: python3 CVE-2021-37580.py -f url.txt -n username.txt
0x03 脚本报错
如果脚本运行报错:
AttributeError: module 'jwt' has no attribute 'encode'
执行如下命令:
python3 -m pip uninstall jwt python3 -m pip uninstall pyjwt python3 -m pip install pyjwt==1.5.3 --user
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK