漏洞描述
网络与信息安全风险监控预警系统存在SpringBootdruid数据库监控/druid/index.html文件未授权访问漏洞,导致可对数据库进行实时监控、盗取数据等恶意操作,如果监控了SESSION和URI还可发生更多安全问题,如通过泄露的URI可能获取到后台路径,根据泄露的SESSION就可能登录WEB后台,造成更大损失。
网络与信息安全风险监控预警系统druid未授权访问
PoC代码
暂无相关漏洞推荐
- 天地伟业Easy7综合管理平台druid未授权访问
- druid-monitor-unauth: Druid Monitor Unauth
- POC CVE-2023-34537: Hoteldruid 3.0.5 - Cross-Site Scripting
- POC CVE-2023-43373: Hoteldruid v3.0.5 - SQL Injection
- POC CVE-2023-43374: Hoteldruid v3.0.5 - SQL Injection
- POC druid-default-login: Apache Druid Default Login
- POC ruoyi-druid-unauth: 若依管理系统未授权访问
- POC apache-druid-unauth: Apache Druid Unauth
- POC druid-default-login: Alibaba Druid Monitor Default Login
- POC apache-druid-unauth: Apache Druid Unauth
- POC druid-monitor: Alibaba Druid Monitor Unauthorized Access
- POC apache-druid-log4j-rce: Apache Druid - Remote Code Execution (Apache Log4j)
- POC unauth-hoteldruid-panel: Hoteldruid Management Panel Access