
POC details: 600f727b2f4d9a6210465b8f312654cb43bae8c0

Source
Related vulnerability
Title: Grafana security vulnerability (CVE-2023-3128)
POC description: Grafana is an open-source monitoring tool from Grafana Labs that provides a visual monitoring interface and is mainly used to monitor and analyse data from Graphite, InfluxDB, Prometheus and similar sources. Grafana has a security vulnerability: when Azure AD OAuth is configured with a multi-tenant Azure AD application, it can lead to account takeover and authentication bypass.
Introduction
# CVE-2023-3128

To check whether a Grafana instance is exposed to CVE-2023-3128, an authentication bypass and account takeover that arises because affected Grafana versions matched Azure AD users on the `email` claim, which is not unique across Azure AD tenants, you can use the following Python script. It only establishes whether Azure AD SSO is enabled on the target; it cannot see whether the Azure AD app registration is multi-tenant or whether Grafana has been patched.

```python
#!/usr/bin/env python3
"""CVE-2023-3128 configuration check: does the target expose an Azure AD OAuth login?"""
import argparse

import requests


def check_cve_2023_3128(target_url, verbose=False):
    """Return True when the target redirects /login/azuread to Microsoft login.

    This is a configuration check only. It does not prove the instance is
    vulnerable: that also depends on the Grafana version and on whether the
    Azure AD app registration accepts users from other tenants.
    """
    session = requests.Session()
    target_url = target_url.rstrip("/")

    # Step 1: Verify Azure AD SSO configuration.
    # Grafana serves OAuth logins at /login/<provider>; with the azuread
    # provider enabled, GET /login/azuread redirects to login.microsoftonline.com.
    try:
        response = session.get(
            f"{target_url}/login/azuread",
            allow_redirects=False,
            timeout=10,
        )
    except requests.RequestException as e:
        if verbose:
            print(f"[!] Connection error: {str(e)}")
        return False

    location = response.headers.get("Location", "").lower()
    azure_ad_configured = (
        response.status_code in (301, 302, 303, 307, 308)
        and "login.microsoftonline.com" in location
    )

    if verbose:
        print(f"[*] /login/azuread -> HTTP {response.status_code}, Location: {location or '(none)'}")
        print(f"[*] Azure AD SSO configured: {azure_ad_configured}")

    # Step 2: Attempt authentication bypass (spoofing)
    # Note: This requires creating an Azure AD account with the same email as a target Grafana user.
    #       This step is not automated due to ethical and legal considerations.
    if azure_ad_configured:
        if verbose:
            print("[*] Azure AD SSO is enabled. Vulnerability may be exploitable via email spoofing "
                  "if the instance is unpatched and the app registration is multi-tenant.")
        return True
    if verbose:
        print("[-] Azure AD SSO not detected.")
    return False


def main():
    parser = argparse.ArgumentParser(description='CVE-2023-3128 Scanner')
    parser.add_argument('url', help='Target URL (e.g., https://example.com)')
    parser.add_argument('-v', '--verbose', action='store_true', help='Enable verbose output')
    args = parser.parse_args()

    if check_cve_2023_3128(args.url, verbose=args.verbose):
        print(f"\nTarget {args.url} exposes Azure AD SSO and may be vulnerable to CVE-2023-3128.")
        print("Recommendation: Update Grafana to version >=9.5.5 (or the patched release for your minor "
              "version line), use a single-tenant app registration, and set allowed_organizations "
              "in [auth.azuread] to your tenant ID.")
    else:
        print(f"\nTarget {args.url} does not appear to expose Azure AD SSO.")


if __name__ == "__main__":
    main()
```
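The network scanner above stops at "Azure AD SSO is enabled". The two facts that actually decide exposure are the Grafana version and the `[auth.azuread]` settings, and both can be checked offline from a captured `/api/health` body and a `grafana.ini` fragment. The block below is an added example, not the POC's code and not Grafana project code. The patched-version table (10.0.1, 9.5.5, 9.4.13, 9.3.16, 9.2.20, 8.5.27) is an assumption to verify against the Grafana advisory; the page itself only states 9.5.5. The health response and both ini fragments are constructed samples, and the weak one uses the `common` authority, which accepts sign-ins from any tenant.

```python
#!/usr/bin/env python3
"""Offline CVE-2023-3128 exposure checks: Grafana version plus [auth.azuread] config.

Added example; not the page's POC and not Grafana code. The PATCHED table is an
assumption to verify against the Grafana advisory for this CVE.
"""
import configparser
import json
import re

# Assumption: first fixed release per minor line. Minor lines not listed
# received no backported fix.
PATCHED = {
    (10, 0): (10, 0, 1), (9, 5): (9, 5, 5), (9, 4): (9, 4, 13),
    (9, 3): (9, 3, 16), (9, 2): (9, 2, 20), (8, 5): (8, 5, 27),
}
# Azure AD authority segments that accept users from any tenant.
MULTI_TENANT = {"common", "organizations", "consumers"}


def parse_version(text):
    """'9.5.3-abcdef' -> (9, 5, 3); raises ValueError on unrecognised input."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_is_patched(text):
    ver = parse_version(text)
    if ver[:2] in PATCHED:
        return ver >= PATCHED[ver[:2]]
    # Anything newer than the newest fixed release carries the fix;
    # older unlisted lines (e.g. 9.1.x) never got one.
    return ver > max(PATCHED.values())


def version_from_health(body):
    """Grafana's unauthenticated /api/health returns a JSON object with 'version'."""
    return json.loads(body)["version"]


def tenant_from_url(url):
    """Authority segment of https://login.microsoftonline.com/<tenant>/..., or None."""
    m = re.match(r"https://login\.microsoftonline\.com/([^/]+)/", url)
    return m.group(1) if m else None


def azuread_findings(ini_text):
    """Flag [auth.azuread] settings that let users from other tenants sign in.

    The tenant in auth_url/token_url is a strong indicator, but the app
    registration's supported account types in Azure is the authoritative source.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)  # expects a section header before the first key
    if not cp.getboolean("auth.azuread", "enabled", fallback=False):
        return []
    sec = cp["auth.azuread"]
    findings = []
    for key in ("auth_url", "token_url"):
        tenant = tenant_from_url(sec.get(key, ""))
        if tenant in MULTI_TENANT:
            findings.append(f"{key} uses multi-tenant authority '{tenant}'")
    if not sec.get("allowed_organizations", "").strip():
        findings.append("allowed_organizations unset: no tenant restriction")
    return findings


def assess(version, ini_text):
    """Combine both checks; at_risk means unpatched AND open to other tenants."""
    patched = version_is_patched(version)
    findings = azuread_findings(ini_text)
    multi = any("multi-tenant" in f for f in findings)
    return {"patched": patched, "findings": findings,
            "at_risk": (not patched) and multi}


# Constructed samples, not captured from a real host.
SAMPLE_HEALTH = '{"commit": "deadbeef", "database": "ok", "version": "9.5.3"}'
WEAK_INI = """
[auth.azuread]
enabled = true
client_id = 00000000-0000-0000-0000-000000000000
client_secret = REDACTED
scopes = openid email profile
auth_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
"""
HARDENED_INI = """
[auth.azuread]
enabled = true
client_id = 00000000-0000-0000-0000-000000000000
client_secret = REDACTED
scopes = openid email profile
auth_url = https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/oauth2/v2.0/token
allowed_organizations = 11111111-1111-1111-1111-111111111111
"""

if __name__ == "__main__":
    ver = version_from_health(SAMPLE_HEALTH)
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, ver, assess(ver, ini))
```

The hardened fragment shows the two settings that close the gap after upgrading: a tenant-specific authority in `auth_url`/`token_url`, and `allowed_organizations` pinned to your tenant ID. On an unpatched release `allowed_organizations` is not honoured, which is why `at_risk` requires both an old version and a multi-tenant authority.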
File snapshot

[4.0K] /data/pocs/600f727b2f4d9a6210465b8f312654cb43bae8c0 └── [2.2K] README.md 0 directories, 1 file
Notes
    1. Prefer accessing the POC through the original source.
    2. If the source is unavailable or cannot be reached, e-mail f.jinxu#gmail.com to request the local snapshot (replace # with @).