CVE-2020-11710 PoC — docker-kong 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-11710.yaml

Associated Vulnerability

Title:docker-kong 安全漏洞 (CVE-2020-11710)
Description:docker-kong是一款使用在Docker应用容器引擎中的网关产品。 docker-kong(用于Kong) 2.0.3及之前版本中存在安全漏洞。攻击者可利用该漏洞在127.0.0.1以外的接口上访问admin API端口。

Description

Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.

File Snapshot


 id: CVE-2020-11710

info:
  name: Kong Admin <=2.03 - Admin API Access
  author: pikpikcu
  severity

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!