Goby/json/Crawlab-Arbitrary-File-Read...

{
"Name": "Crawlab Arbitrary File Read",
"Description": "<p>Crawlab is a distributed crawler management platform that supports any language and framework.</p><p>The Crawlab management platform has arbitrary user addition and background file reading vulnerabilities. Attackers can obtain sensitive system information through the added users and further take over the system.</p>",
"Product": "Crawlab",
"Homepage": "https://github.com/crawlab-team/crawlab",
"DisclosureDate": "2021-12-01",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"crawlab\"",
"GobyQuery": "body=\"crawlab\"",
"Level": "2",
"Impact": "<p>The Crawlab management platform has arbitrary user addition and background file reading vulnerabilities. Attackers can obtain sensitive system information through the added users and further take over the system.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://github.com/crawlab-team/crawlab\">https://github.com/crawlab-team/crawlab</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Crawlab 爬虫管理平台后台任意文件读取漏洞",
"VulType": ["文件读取"],
"Tags": ["文件读取"],
"Description": "<p>Crawlab是一款分布式爬虫管理平台支持任何语言和框架。</p><p>Crawlab管理平台存在任意用户添加和后台文件读取漏洞攻击者可通过添加的用户获取系统敏感信息进一步接管系统。</p>",
"Impact": "<p>Crawlab管理平台存在任意用户添加和后台文件读取漏洞攻击者可通过添加的用户获取系统敏感信息进一步接管系统。</p>",
"Product": "Crawlab",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://github.com/crawlab-team/crawlab\">https://github.com/crawlab-team/crawlab</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Crawlab Arbitrary File Read",
"VulType": ["file-read"],
"Tags": ["file-read"],
"Description": "<p>Crawlab is a distributed crawler management platform that supports any language and framework.</p><p>The Crawlab management platform has arbitrary user addition and background file reading vulnerabilities. Attackers can obtain sensitive system information through the added users and further take over the system.</p>",
"Impact": "<p>The Crawlab management platform has arbitrary user addition and background file reading vulnerabilities. Attackers can obtain sensitive system information through the added users and further take over the system.</p>",
"Product": "Crawlab",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://github.com/crawlab-team/crawlab\">https://github.com/crawlab-team/crawlab</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://fofa.so"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "input",
"value": "../../etc/passwd"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"file-read"
],
"VulType": [
"file-read"
],
"CVEIDs": [
""
],
"CVSSScore": "7.5",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}