Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-37580 PoC — Apache ShenYu 授权问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-37580.yaml
Associated Vulnerability
Title:Apache ShenYu 授权问题漏洞 (CVE-2021-37580)
Description:Apache ShenYu是美国阿帕奇(Apache)基金会的一个异步的,高性能的,跨语言的,响应式的 API 网关。 Apache ShenYu Admin 存在授权问题漏洞,该漏洞源于ShenyuAdminBootstrap 中 JWT 的错误使用允许攻击者绕过身份验证。
Description
Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
File Snapshot

 id: CVE-2021-37580

info:
  name: Apache ShenYu Admin JWT - Authentication Bypass
  author: pdteam
 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.