CVE-2023-28432 PoC — MinIO 信息泄露漏洞

Source

https://github.com/NET-Flowers/CVE-2023-28432

Associated Vulnerability

Title:MinIO 信息泄露漏洞 (CVE-2023-28432)
Description:MinIO是美国MinIO公司的一款开源的对象存储服务器。该产品支持构建用于机器学习、分析和应用程序数据工作负载的基础架构。 MinIO 存在信息泄露漏洞，该漏洞源于在集群部署中MinIO会返回所有环境变量，导致信息泄露。

Description

CVE-2023-28432检测工具

Readme

# CVE-2023-28432
CVE-2023-28432检测工具

### 1、启动使用方法：

只需要下载demo.jar文件即可

```
    双击 或者执行 java -jar demo.jar
```
### 2、使用：
###### 漏洞描述

<img width="618" alt="261935617-612b3314-54c2-467c-8d99-0d4d7e1da53e" src="https://github.com/bingtangbanli/CVE-2023-28432/assets/77956516/9ec1f488-425d-4175-bb24-b0149e7e4324">

###### 漏洞检测

<img width="621" alt="261935689-3f4352ab-4513-4c3d-9576-e11d42c3e817" src="https://github.com/bingtangbanli/CVE-2023-28432/assets/77956516/a091bdc0-0da5-46b6-8b22-0ef89c0d84f3">

###### 漏洞利用

<img width="625" alt="261935868-19792260-530a-4edf-9dae-4b1f02a88ce7" src="https://github.com/bingtangbanli/CVE-2023-28432/assets/77956516/fb33068f-ed00-4d23-92a6-eef2be279154">

File Snapshot


 [4.0K]  /data/pocs/d70b3bffeabd11e58937ae5b43ab6041ce89deef
├── [ 15M]  demo.jar
├── [4.0K]  img
│   ├── [313K]  261935617-612b3314-54c2-467c-8d99-0d4d7e1da53e.png
│   ├── [233K]  261935689-3f4352ab-4513-4c3d-9576-e11d42c3e817.png
│   └── [271K]  261935868-19792260-530a-4edf-9dae-4b1f02a88ce7.png
├── [ 192]  Launcher.java
├── [ 10K]  LouDongTool.java
└── [ 782]  README.md

1 directory, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!