漏洞描述
【漏洞对象】Kong 【漏洞描述】 Kong附带了一个用于管理目的的内部 RESTful Admin API。可以将对AdminAPI的请求发送到群集中的任何节点,并且Kong将使所有节点上的配置保持一致。8001 是AdminAPI侦听的默认端口。此API专为内部使用而设置,可完全控制Kong,因此在设置Kong环境时应小心谨慎,以避免公开曝光此API。
kong-Admin API-未授权访问
PoC代码
暂无相关漏洞推荐
- hue-default-credential: Cloudera Hue Default Admin Login
- POC CVE-2005-3344: Horde Groupware Unauthenticated Admin Access
- POC CVE-2007-5728: phpPgAdmin <=4.1.1 - Cross-Site Scripting
- POC CVE-2008-5587: phpPgAdmin <=4.2.1 - Local File Inclusion
- POC CVE-2009-1151: PhpMyAdmin Scripts - Remote Code Execution
- POC CVE-2011-4926: Adminimize 1.7.22 - Cross-Site Scripting
- POC CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass
- POC CVE-2015-2863: Kaseya Virtual System Administrator - Open Redirect
- POC CVE-2015-4127: WordPress Church Admin <0.810 - Cross-Site Scripting
- POC CVE-2016-1000126: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC CVE-2016-1000138: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC CVE-2016-5649: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
- POC CVE-2017-14524: OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect