听说有nps鉴权绕过漏洞 - Githubissues

ehang-io / nps

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.

https://ehang.io/nps/documents

GNU General Public License v3.0

30.47k stars 5.5k forks source link

听说有nps鉴权绕过漏洞 #1090

Open Deep0 opened 2 years ago

Deep0 commented 2 years ago

web/controllers/base.go 听说是auth_key鉴权漏洞，请作者核实一下？

hongcaohu commented 2 years ago

也收到了漏洞通知

crazyNing commented 2 years ago

我刚刚复现了，但是没看出来利用价值，每次请求带auth_key可以成功访问页面，但是管理好像不行，没深入看

lishiren-admin commented 2 years ago

注释掉auth_key就行了

Is4b3lla3 commented 2 years ago

注释掉auth_key就行了

应该是去掉authkey的注释

lishiren-admin commented 2 years ago

不用去掉注释,把 auth_key 和auth_crypt_key 同时注释即可

JAXo-China commented 2 years ago

然并卵？

Jireh012 commented 2 years ago

https://jireh.xyz/articles/2022/08/10/1660122191957.html

carr0t2 commented 2 years ago

https://github.com/carr0t2/nps-auth-bypass

suka23333 commented 2 years ago

是不是还有其它漏洞,按照教程修复了,有个叼毛还能一直RDP攻击我,擦

JAXo-China commented 2 years ago

是不是还有其它漏洞,按照教程修复了,有个叼毛还能一直RDP攻击我,擦

跟你一样，CPU飙起来。。。

yisier commented 1 year ago

https://github.com/yisier/nps/releases/tag/v0.26.14