Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-16097 PoC — Harbor 权限许可和访问控制问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-16097.yaml
Associated Vulnerability
Title:Harbor 权限许可和访问控制问题漏洞 (CVE-2019-16097)
Description:Harbor是一款开源的可信云本机注册表。该产品主要用于存储、签名和扫描容器映像以查找漏洞。 Harbor 1.7.0版本至1.8.2版本中的core/api/user.go文件存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞创建admin账户。
Description
Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.
File Snapshot

 id: CVE-2019-16097

info:
  name: Harbor <=1.82.0 - Privilege Escalation
  author: pikpikcu
  severi

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.