Skip to content

Unauthorized-zookeeper #11076

New issue
New issue
Open
Open
Unauthorized-zookeeper#11076
Assignees
ritikchaddha
Labels
Status: In ProgressThis issue is being worked on, and has someone assigned.template-requestsRequest for new Nuclei templates to be created
@h1thub

Description

@h1thub
h1thub
opened on Oct 23, 2024

Is there an existing template for this?

  • I have searched the existing templates.

Template requests

The existing exposed-zookeeper.yaml PoC only uses Zookeeper's four-letter commands to verify the existence of the vulnerability. However, this approach has a significant limitation: if the target Zookeeper instance employs a whitelist to restrict certain four-letter commands, it may lead to a situation where the unauthorized access vulnerability actually exists, but is not detected. Therefore, we are modifying the new PoC as follows, with the relevant details provided below.

https://github.com/h1thub/Unauthorized-zookeeper

Anything else?

No response

Metadata

Metadata

Assignees

Labels

Status: In ProgressThis issue is being worked on, and has someone assigned.template-requestsRequest for new Nuclei templates to be created

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions