Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-37580 PoC — Apache ShenYu Admin bypass JWT authentication

Source
https://github.com/rabbitsafe/CVE-2021-37580
Associated Vulnerability
Title:Apache ShenYu Admin bypass JWT authentication (CVE-2021-37580)
Description:A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Readme
Apache ShenYu Admin爆出身份验证绕过漏洞,攻击者可通过该漏洞绕过JSON Web Token (JWT)安全认证,直接进入系统后台。
Apache ShenYu 是应用于所有微服务场景的,可扩展、高性能、响应式的 API 网关解决方案。

Apache ShenYu Admin 存在身份验证绕过漏洞。 ShenyuAdminBootstrap 中 JWT 的错误使用允许攻击者绕过身份验证,攻击者可通过该漏洞直接进入系统后台。

CVE 编号   CVE-2021-37580

fofa:fid="uPGDN6V9UWnc+KJdy5wdkQ=="

影响版本:
Apache ShenYu 2.3.0
Apache ShenYu 2.4.0

漏洞复现
GET /dashboardUser
生成jwt带入head,发送数据包
![image](https://github.com/rabbitsafe/CVE-2021-37580/blob/main/11.jpg)
通过返回数据包,可获取管理员帐号和口令,登录系统后台

扫描脚本CVE-2021-37580.py需要pocsuite3环境,需要安装jwt,命令python3 -m pip install jwt
![image](https://github.com/rabbitsafe/CVE-2021-37580/blob/main/22.jpg)
File Snapshot

 [4.0K]  /data/pocs/1c9bfb06a10bb9c5b143d3c10db6ffecd861587e
├── [115K]  11.jpg
├── [ 85K]  22.jpg
├── [2.6K]  CVE-2021-37580-Unauthorized.py
└── [ 976]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →