Closed c-sh0 closed 2 years ago
@c-sh0 thanks for the template contribution, it looks like we already have a template nuclei-templates/misconfiguration/unauthenticated-influxdb.yaml
will add you as the author to the original template and move the template to the CVE directory :)
@DhiyaneshGeek, sorry for the late reply. The updated template is misleading, as in "missing auth", whereas the template I provided here is actually an authentication bypass (i.e., a vulnerable version of InfluxDB with authentication enabled). Note the above-provided JWT auth token contains no shared secret.
Template Information:
CVE-2019-20933: InfluxDB before 1.7.6 has an authentication bypass vulnerability
An example admin user token with an empty shared secret and an expiration date of 9999999/12/31:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjozMTU1MDczNTI3MTYwMDB9.iny1LZi559E8IiXmKr9sT4Vu4z_iAWKHQniMoySUJNI
Nuclei Template:
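A defender-side check for the condition this issue describes, added here as an example (it is not part of the issue or the submitted template): it tests whether an HS256 bearer token verifies under a zero-length HMAC key, the property the reporter notes for the token above. The names `inspect_token` and `scan_log`, and the proxy log format that records the Authorization header, are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import re

# Token quoted in the issue; used only as input to the check below.
ISSUE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
               "eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjozMTU1MDczNTI3MTYwMDB9."
               "iny1LZi559E8IiXmKr9sT4Vu4z_iAWKHQniMoySUJNI")
BEARER = re.compile(r"Bearer\s+([\w-]+\.[\w-]+\.[\w-]+)")


def _b64url(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def inspect_token(token):
    """Return claims and an 'empty_secret' flag, or None if not an HS256 JWT."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64url(head)), json.loads(_b64url(body))
        signature = _b64url(sig)
    except ValueError:
        return None
    ok = isinstance(header, dict) and isinstance(claims, dict)
    if not ok or header.get("alg") != "HS256":
        return None
    # Recompute the HS256 tag with a zero-length key and compare in constant time.
    expected = hmac.new(b"", f"{head}.{body}".encode(), hashlib.sha256).digest()
    return {"username": claims.get("username"), "exp": claims.get("exp"),
            "empty_secret": hmac.compare_digest(signature, expected)}


def scan_log(lines):
    """Return (line_number, username) for bearer tokens that verify under an empty key."""
    hits = []
    for number, line in enumerate(lines, 1):
        for token in BEARER.findall(line):
            info = inspect_token(token)
            if info and info["empty_secret"]:
                hits.append((number, info["username"]))
    return hits


if __name__ == "__main__":
    # Constructed log line in an assumed proxy format that records the header.
    print(scan_log([f'GET /query "Authorization: Bearer {ISSUE_TOKEN}"']))
```

A hit means the request carried a token that no configured non-empty secret could have produced, so it is worth correlating with the InfluxDB version in use (the issue gives "before 1.7.6" as affected).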