漏洞描述
Consul是HashiCorp公司推出的开源工具,Consul由Go语言开发,部署起来非常容易,Consul是分布式的、高可用的、可横向扩展的用于实现分布式系统的服务发现与配置。Consul平台存在接口配置信息泄露,可泄露各种服务器IP、配置信息,有可能会导致命令执行。
Consul平台 /v1/agent/self接口配置信息泄露
PoC代码
暂无相关漏洞推荐
- consul-service-rce: Consul Service RCE
- POC CVE-2020-25864: HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
- POC CVE-2022-29153: HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
- POC CVE-2020-25864: HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
- POC consul-api-discosure: Consul API publicly exposed
- POC consul-rexec-rce: Consul rexec RCE
- POC hashicorp-consul-unauth: Hashicorp Consul API Unauthenticated
- POC hashicorp-consul-rce: Hashicorp Consul Services API - Remote Code Execution
- 图创图书馆集群管理系统 /opac/weixin/Consult/detail SQL注入漏洞
- HashiCorp Consul/Consul Enterprise 存在ssrf漏洞(CVE-2022-29153)
- gn consulting系统news_detail.php-SQL注入
- Amauta Consultores-SQL注入