unauth-pact-broker: Unauth Pact Broker - Detect

Date: 2025-08-01 | Affected software: Unauth Pact Broker | POC: public

Vulnerability description

Unauthenticated access to Pact Broker, a repository for consumer-driven contracts and verification results.

PoC code [public]

id: unauth-pact-broker

info:
  name: Unauth Pact Broker - Detect
  author: pdteam
  severity: medium
  description: |
    Unauthenticated access to Pact Broker, a repository for consumer-driven contracts and verification results.
  reference:
    - https://docs.pact.io/pact_broker
    - https://github.com/pact-foundation/pact_broker
  classification:
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 3
    shodan-query: 'title:"Pacts"'
    fofa-query: 'title="Pacts"'
    zoomeye-query: 'title:"Pacts"'
  tags: pactbroker,misconfig,unauth,pacts,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/pacts"
      - "{{BaseURL}}/ui/relationships"

    stop-at-first-match: true

    matchers-condition: or
    matchers:
      - type: dsl
        name: pact-broker-title
        dsl:
          - 'contains(body, "<title>Pacts</title>") || contains(body, "<title>Pact Broker</title>")'
          - 'status_code == 200'
        condition: and

      - type: dsl
        name: pact-broker-api
        dsl:
          - 'contains(body, "_links")'
          - 'contains(body, "pb:pacticipants") || contains(body, "pb:publish-pact") || contains(body, "pb:webhooks")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450220086588acdd027ee7be92e009e797db8d247b1553c2b5fe15f40ba846bf63b199022100ce96959ecbd31f0bb39d3153d64cf4e2f51173a2ae3099904cd84da8371e1c60:922c64590222798bb761d5b6d8e72950
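The two DSL matchers above are easy to misread: each one is an `and` over its own lines, and the two matchers are then combined with `matchers-condition: or`, so a response that carries either the UI `<title>` or a HAL `_links` document with a `pb:` relation counts as an exposed broker, but only with `status_code == 200`. The following Python script is an added example (not part of the nuclei template or the Pact project) that mirrors that evaluation over a few constructed sample responses, so an operator can see exactly which response shapes would trip the template and confirm that a broker placed behind authentication (for instance one that now answers 401) no longer matches. The sample bodies and the `broker.example` hostname are constructed for the example.

```python
import json
from typing import Optional, Tuple

# Constructed sample responses (not captured from any real host): name -> (status_code, body)
SAMPLE_RESPONSES = {
    "ui_index": (200, "<html><head><title>Pacts</title></head><body>...</body></html>"),
    "hal_root": (200, json.dumps({
        "_links": {
            "pb:pacticipants": {"href": "http://broker.example/pacticipants"},
            "pb:webhooks": {"href": "http://broker.example/webhooks"},
        }
    })),
    # A broker with basic auth enabled answers 401 before any body is served
    "login_required": (401, '{"error":"Unauthorized"}'),
    # An unrelated web app with a different title must not match
    "other_app": (200, "<html><head><title>Welcome</title></head></html>"),
}


def matcher_title(status_code: int, body: str) -> bool:
    """Mirror of the 'pact-broker-title' DSL matcher (its lines are joined with 'and')."""
    has_title = "<title>Pacts</title>" in body or "<title>Pact Broker</title>" in body
    return has_title and status_code == 200


def matcher_api(status_code: int, body: str) -> bool:
    """Mirror of the 'pact-broker-api' DSL matcher: HAL '_links' plus one 'pb:' relation, on a 200."""
    has_links = "_links" in body
    has_pb_rel = any(rel in body for rel in ("pb:pacticipants", "pb:publish-pact", "pb:webhooks"))
    return has_links and has_pb_rel and status_code == 200


def is_exposed_pact_broker(status_code: int, body: str) -> Optional[str]:
    """Apply 'matchers-condition: or' and return the name of the first matcher that fires."""
    if matcher_title(status_code, body):
        return "pact-broker-title"
    if matcher_api(status_code, body):
        return "pact-broker-api"
    return None


def classify_samples(samples=None) -> dict:
    """Evaluate every sample response and report which matcher (if any) would fire."""
    samples = SAMPLE_RESPONSES if samples is None else samples
    return {name: is_exposed_pact_broker(code, body) for name, (code, body) in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:16s} -> {verdict or 'no match'}")
```

The `login_required` sample is the one worth paying attention to when reviewing your own deployment: once the broker sits behind authentication, the root, `/pacts` and `/ui/relationships` paths stop returning a 200 with the HAL or title markers, and neither matcher fires.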
