漏洞描述
用友分析云存在druid未授权访问漏洞,用友分析云默认启动druid,未对druid做登录认证,导致任意用户可直接访问druid,读取session、数据库配置、SQL监控、Spring监控、查看JsonApi。
用友分析云druid未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- 天地伟业Easy7综合管理平台druid未授权访问
- druid-monitor-unauth: Druid Monitor Unauth
- POC CVE-2023-34537: Hoteldruid 3.0.5 - Cross-Site Scripting
- POC CVE-2023-43373: Hoteldruid v3.0.5 - SQL Injection
- POC CVE-2023-43374: Hoteldruid v3.0.5 - SQL Injection
- POC druid-default-login: Apache Druid Default Login
- POC ruoyi-druid-unauth: 若依管理系统未授权访问
- POC apache-druid-unauth: Apache Druid Unauth
- POC druid-default-login: Alibaba Druid Monitor Default Login
- POC apache-druid-unauth: Apache Druid Unauth
- POC druid-monitor: Alibaba Druid Monitor Unauthorized Access
- POC apache-druid-log4j-rce: Apache Druid - Remote Code Execution (Apache Log4j)
- POC unauth-hoteldruid-panel: Hoteldruid Management Panel Access