漏洞描述
Casdoor 是一个基于 OAuth 2.0 / OIDC 的 UI 优先集中认证 / 单点登录 (SSO) 平台。Casdoor get-usersapi接口存在账号密码泄漏漏洞,攻击者通过漏洞可以获取用户敏感信息
Casdoor get-users 账号密码泄漏漏洞
PoC代码
暂无相关漏洞推荐
- wordpress /wp-json/wp/v2/users 信息泄露漏洞
- Nacos /nacos/v1/auth/users/login 默认口令漏洞
- 畅捷通T+ getdecallusers信息泄露漏洞
- Nacos /nacos/v1/auth/users 权限绕过漏洞(CVE-2021-43116)
- POC CVE-2022-24124: Casdoor 1.13.0 - Unauthenticated SQL Injection
- POC CVE-2022-24124: Casdoor 1.13.0 - Unauthenticated SQL Injection
- POC azure-entra-id-guest-users-unmonitored: Azure Entra ID Guest Users Unmonitored
- POC azure-mfa-not-enabled-privileged-users: Azure MFA Not Enabled for All Privileged Users
- POC bohuawanglong-users-xml-password-leak: 博华网龙防火墙 users.xml 未授权访问
- POC casbin-get-users-account-password-disclosure: Casbin get-users 账号密码泄漏漏洞
- POC casdoor-static-fileread: Casdoor 任意文件读取漏洞
- POC crawlab-any-adduser-and-anyfile-read: Crawlab users 任意用户添加漏洞 任意文件读取漏洞
- POC dahua-icc-sysusers-random-fastjson-rce: 大华ICC智能物联综合管理平台存在fastjson漏洞