CVE-2021-29441 PoC — Nacos 安全漏洞

Source

https://github.com/bysinks/CVE-2021-29441

Associated Vulnerability

Title:Nacos 安全漏洞 (CVE-2021-29441)
Description:nacos是中国阿里巴巴（Alibaba）的一个动态服务发现、配置和服务管理平台。该软件支持基于 DNS 和基于 RPC 的服务发现，可提供提供实时健康检查，阻止服务向不健康的主机或服务实例发送请求等功能。 Nacos 存在安全漏洞，该漏洞源于允许Nacos服务器绕过过滤器，从而跳过身份验证检查。这种机制依赖于用户代理HTTP头，因此很容易被欺骗。

Readme

# CVE-2021-29441
运行: CVE-2021-29441.exe ip
阿里nacos 越权添加账户

File Snapshot


 [4.0K]  /data/pocs/2bef1dc46843c7afede5414a6937ed1da2e1f57a
├── [1.7K]  CVE-2021-29441.go
└── [  78]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!