unauth-kafka-config-editor: Kafka Config Editor - Unauthenticated Access

漏洞描述

PoC代码[已公开]

id: unauth-kafka-config-editor

info:
  name: Kafka Config Editor - Unauthenticated Access
  author: DhiyaneshDk
  severity: high
  description: |
    Kafka Config Editor was detected and appeared to be accessible without authentication.
  classification:
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
  tags: kafka,misconfig,unauth,dashboard,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Config Editor", "Current Config", "Update Config")'
          - 'status_code == 200'
        condition: and
# digest: 490a00463044022029994504b73a28c3d0a7813daf21a1dd7e80b7353d7920d869cb807f9bd5e15702203e6cee5cdc4fce5353f625215a739d9acd49ed36ff377388ae54a22fc6916f5e:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
• POC CVE-2025-34299: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
• POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
• POC unauth-munin: Munin Monitoring Dashboard - Exposure
• 友加畅捷管理系统 Sysconfig/GetZTList 未授权访问致信息泄露漏洞
• 全程云 /OA/api/2.0/Common/AttachFile/UploadEditorFile 文件上传漏洞
• POC CVE-2019-25213: WordPress Advanced Access Manager - Path Traversal
• POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
• POC CVE-2021-36888: WordPress Image Hover Ultimate - Unauthenticated Settings Update
• POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
• POC CVE-2021-4462: Employee Records System 1.0 - Unauthenticated File Upload RCE
• POC CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
• POC CVE-2022-33198: WordPress Accordions - Unauthenticated Settings Update