CVE-2019-20933 PoC — Influxdata InfluxDB Authorization Issue Vulnerability

Associated Vulnerability
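Title: Influxdata InfluxDB Authorization Issue Vulnerability (CVE-2019-20933)
Description: Influxdata InfluxDB is a time-series database developed in Go by the US company Influxdata. Versions of Influxdata InfluxDB before 1.7.6 contain a security vulnerability: an authentication bypass in the authentication function of the httpd service handler, because a JWT token may have an empty SharedSecret (aka shared secret).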
Description
InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret (aka shared secret). An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
File Snapshot

id: CVE-2019-20933 info: name: InfluxDB <1.7.6 - Authentication Bypass author: pussycat0x,c-sh0 ...