Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-28432 PoC — Minio Information Disclosure in Cluster Deployment

Source
https://github.com/unam4/CVE-2023-28432-minio_update_rce
Associated Vulnerability
Title:Minio Information Disclosure in Cluster Deployment (CVE-2023-28432)
Description:Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Description
https://github.com/AbelChe/evil_minio/tree/main 打包留存
Readme
# minio-CVE-2023-28432-rce
https://github.com/AbelChe/evil_minio/tree/main  项目原地址
个人打包留存
影响版本 2019-12-17T23-16-33Z 到 RELEASE.2023-03-20T20-16-18Z

复现:https://www.yuque.com/jason-soozc/luhd40/pgabr9xvg0kgx85v?singleDoc# 《minlo未授权到rce 集群模式》

GLOBAL backdoor as http://1.2.3.4/?alive=whoami and http://1.2.3.4/anything?alive=whoami

![image](https://github.com/Fw-fW-fw/minio-CVE-2023-28432-rce/assets/66824584/96a1f189-2724-4898-8a45-70c58b632de4)

免责声明: 本工具仅供安全研究使用,请勿利用从事非法测试,由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。
File Snapshot

 [4.0K]  /data/pocs/de9ff33d954e547c827f559c062e9648b9d5ee5a
├── [ 12M]  CVE-2023-28432 minio 接口未授权访问到无损RCE和全局后门.pdf
└── [ 759]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →