projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

Unauthorized-zookeeper #11076

Open h1thub opened 1 month ago

h1thub commented 1 month ago

Is there an existing template for this?

Template requests

The existing exposed-zookeeper.yaml PoC only uses Zookeeper's four-letter commands to verify the existence of the vulnerability. However, this approach has a significant limitation: if the target Zookeeper instance employs a whitelist to restrict certain four-letter commands, it may lead to a situation where the unauthorized access vulnerability actually exists, but is not detected. Therefore, we are modifying the new PoC as follows, with the relevant details provided below.

https://github.com/h1thub/Unauthorized-zookeeper

Anything else?

No response
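The limitation described in the request above, seen from the server side, as an added example that is not part of the issue or of the nuclei-templates project: an audit of constructed `zoo.cfg` text showing that a restrictive `4lw.commands.whitelist` can silence a four-letter-command check without the server requiring client authentication. The function names, the sample configs and the use of `envi` as the probed command are assumptions; `enforce.auth.enabled` is the ZooKeeper 3.7+ setting, and znode ACLs are outside what this check can see.

```python
# Added example: audit zoo.cfg text for the detection gap the issue describes.
# Function names and both sample configs are constructed for illustration.

DEFAULT_4LW = {"srvr"}  # ZooKeeper 3.5.3+ default when the key is absent


def parse_cfg(text):
    """Parse key=value lines of a zoo.cfg, skipping blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def audit_zoo_cfg(text, probed_cmd):
    """Report whether a 4lw-based check would see the server, and whether
    the config requires client authentication (enforce.auth.*, 3.7+)."""
    cfg = parse_cfg(text)
    raw = cfg.get("4lw.commands.whitelist")
    allowed = DEFAULT_4LW if raw is None else {c.strip() for c in raw.split(",") if c.strip()}
    answered = "*" in allowed or probed_cmd in allowed
    # Only connection-level enforcement is visible here; znode ACLs are not.
    auth_enforced = cfg.get("enforce.auth.enabled", "false").lower() == "true"
    return {
        "probe_answered": answered,
        "auth_enforced": auth_enforced,
        # The gap: the 4lw check is silent, yet clients need not authenticate.
        "missed_by_4lw_check": not answered and not auth_enforced,
    }


# Constructed samples. "envi" stands in for whichever command a check sends.
RESTRICTED = "clientPort=2181\n4lw.commands.whitelist=srvr, ruok\n"
HARDENED = RESTRICTED + "enforce.auth.enabled=true\nenforce.auth.schemes=sasl\n"

if __name__ == "__main__":
    for name, cfg in (("restricted", RESTRICTED), ("hardened", HARDENED)):
        print(name, audit_zoo_cfg(cfg, "envi"))
```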

ritikchaddha commented 1 week ago

Hello @h1thub, thank you for your help in updating the template. We will review it and update you shortly.