漏洞描述
Dubbo Admin是Apache Dubbo的一个重要组件,它主要用于管理Dubbo服务提供者和消费者,为Dubbo框架提供了一个可视化的管理界面。 在 0.6.0及以下的版本中存在一个默认的 JWT 密钥导致攻击者可以伪造管理员用户
Dubbo Admin jwt signSecret 硬编码漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-27624: WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
- POC CVE-2025-52970: Fortinet FortiWeb - Authentication Bypass to Admin Privilege
- POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
- POC phpmyadmin-fpd: phpMyAdmin Full Path Disclosure
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- PgAdmin PgAdmin4 需授权 代码注入漏洞
- POC cluster-trino-admin-login: Cluster Overview Trino - Admin Login
- Windows 11 RAiLaunchAdminProcess 管理员保护特权提升漏洞
- hue-default-credential: Cloudera Hue Default Admin Login
- POC CVE-2005-3344: Horde Groupware Unauthenticated Admin Access
- POC CVE-2007-5728: phpPgAdmin <=4.1.1 - Cross-Site Scripting
- POC CVE-2008-5587: phpPgAdmin <=4.2.1 - Local File Inclusion