unauthenticated-zipkin: Zipkin Discovery

漏洞描述

PoC代码[已公开]

id: unauthenticated-zipkin

info:
  name: Zipkin Discovery
  author: dhiyaneshDk
  severity: high
  description: Unauthenticated access to Zipkin was discovered.
  reference:
    - https://zipkin.io/
  metadata:
    max-request: 1
  tags: unauth,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/config.json"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - 'application/json'
        part: header

      - type: word
        words:
          - environment
          - defaultLookback
        part: body
        condition: and
# digest: 490a0046304402205dea6ad9e185454bd442adb6c27245d55123b16dea6df10220aac8b55ad4e2ce02207c9d4c98b75bf20adeca2c92c91001df147da9892d6af48da8bc285cb37221bb:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2016-7552: Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
• POC CVE-2019-16313: ifw8 Router ROM v4.31 - Credential Discovery
• POC CVE-2019-16313: ifw8 Router ROM v4.31 Credential Discovery
• POC CVE-2020-8193: Citrix unauthenticated LFI
• POC CVE-2021-22986: F5 BIG-IP iControl REST unauthenticated RCE
• POC fuelcms-default-login: Fuel CMS - Default Admin Discovery
• POC jupyterhub-default-login: Jupyterhub - Default Admin Discovery
• POC openemr-default-login: OpenEMR - Default Admin Discovery
• POC jboss-xml-console-unauthorized: JBoss JMX Console Weak Credential Discovery
• POC kubernetes-pods-api: Kubernetes Pods - API Discovery & Remote Code Execution
• POC network-discovery-public-disabled: Network Discovery Disabled on Public Networks
• POC smartbi-unauthenticated-sqli: SmartBi 全版本 SQl 注入
• POC dubbo-admin-default-login: Apache Dubbo - Default Admin Discovery