Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-29442 PoC — Alibaba nacos 访问控制错误漏洞

Source
https://github.com/VictorShem/QVD-2024-26473
Associated Vulnerability
Title:Alibaba nacos 访问控制错误漏洞 (CVE-2021-29442)
Description:nacos是中国阿里巴巴(Alibaba)的一个动态服务发现、配置和服务管理平台。该软件支持基于 DNS 和基于 RPC 的服务发现,可提供提供实时健康检查,阻止服务向不健康的主机或服务实例发送请求等功能。 Nacos 存在访问控制错误漏洞,该漏洞源于ConfigOpsController允许用户执行管理操作,比如查询数据库,甚至清除数据库。
Description
QVD-2024-26473 && CVE-2021-29442
Readme
# QVD-2024-26473
QVD-2024-26473 && CVE-2021-29442


# FOFA Search:
https://fofa.info/result?qbase64=YXBwPSJOYWNvcyI%3D
# ZoomEye Search:
https://www.zoomeye.org/searchResult?q=app%3A%22Alibaba%20Nacos%22
File Snapshot

 [4.0K]  /data/pocs/09d2e732626084841daa63226440480945445173
├── [1.3K]  CVE-2021-29442.yaml
└── [ 213]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.