Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-16097 PoC — Harbor 权限许可和访问控制问题漏洞

Source
https://github.com/dacade/cve-2019-16097
Associated Vulnerability
Title:Harbor 权限许可和访问控制问题漏洞 (CVE-2019-16097)
Description:core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
Description
cve-2019-1609
Readme
# cve-2019-16097

1.在urls.txt中添加你要检测的url

2.python3环境下运行cve-2019-16097脚本
python3 cve-2019-16097.py

3.批量检测完成后再results中查看成功写入账号的url。
File Snapshot

 [4.0K]  /data/pocs/39ef8066836dbede1648e0ddc60ec3b6ccdd5648
├── [1.2K]  cve-2019-16097.py
├── [ 202]  README.md
├── [   0]  results.txt
└── [  83]  urls.txt

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →