POC details: 8e8fe8b872c6163a591c7db9cca2d2686e39fe24

Source
Related vulnerability
Title: MinIO information disclosure vulnerability (CVE-2023-28432)
Description: MinIO is an open-source object storage server from the US company MinIO. The product supports building infrastructure for machine learning, analytics and application data workloads. MinIO contains an information disclosure vulnerability: in cluster deployments MinIO returns all of its environment variables, leading to information disclosure.
Description
MinIO vulnerability exploit - CVE-2023-28432
Introduction


# CVE-2023-28432 - PoC

## Description
This Python 3 script is designed to exploit CVE-2023-28432, which potentially affects certain MinIO server configurations. The script makes a POST request to a specified hostname, attempting to retrieve sensitive environment variables such as `MINIO_ROOT_PASSWORD` and `MINIO_UPDATE_MINISIGN_PUBKEY`.

## Requirements
- Python 3
- `requests` library

## Installation
Before running the script, ensure you have Python 3 installed on your system. You can install the required Python packages using pip:

```bash
pip3 install requests
```

## Usage
The script accepts the hostname as a required argument and has options for using HTTPS and printing raw data.

```bash
python3 exploit.py [hostname] [--use-https] [--raw]
```

### Arguments
- `hostname`: Specifies the target hostname, e.g., 'domain.htb'.
- `--use-https`: Enable this option to use HTTPS for the requests. The default is HTTP.
- `--raw`: Print the raw JSON data retrieved from the server.

## Example
To run the script against `example.htb` using HTTPS and print formatted environment variables:

```bash
python3 exploit.py example.htb --use-https
```

To print the raw JSON response:

```bash
python3 exploit.py example.htb --use-https --raw
```

## Note
This tool is for educational and ethical testing purposes only. Unauthorized testing of servers without explicit permission is illegal and unethical.
File snapshot

[4.0K] /data/pocs/8e8fe8b872c6163a591c7db9cca2d2686e39fe24
├── [1.6K] poc.py
└── [1.4K] README.md

0 directories, 2 files