artifactory-anonymous-deploy: Artifactory anonymous deploy

日期: 2025-08-01 | 影响软件: artifactory | POC: 已公开

漏洞描述

Artifactory anonymous repo is exposed.

PoC代码[已公开]

id: artifactory-anonymous-deploy

info:
  name: Artifactory anonymous deploy
  author: panch0r3d
  severity: high
  description: Artifactory anonymous repo is exposed.
  reference:
    - https://www.errno.fr/artifactory/Attacking_Artifactory.html
  metadata:
    max-request: 1
  tags: artifactory,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/artifactory/ui/repodata?deploy=true"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"repoKey"'
        part: body

      - type: status
        status:
          - 200

      - type: word
        words:
          - "application/json"
        part: header
# digest: 4a0a00473045022100c2f237d565ffbe9a8a55ac5ab1854d4b760b08a4b1ab8db1162db086f79aec3502207291b3430e662afb0a0cecbfbcad5871cd5d5a42082fae611d158cf6cedd911a:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/artifactory-anonymous-deploy.yaml

相关漏洞推荐