Skip to content

Instantly share code, notes, and snippets.

@Sholway
Last active October 13, 2023 01:11
Show Gist options
  • Save Sholway/93f05987dbf35c15c26de32b1e5590ec to your computer and use it in GitHub Desktop.
Save Sholway/93f05987dbf35c15c26de32b1e5590ec to your computer and use it in GitHub Desktop.
CVE-2023-40833
[CVE ID]
CVE-2023-40833
[PRODUCT]
icecms
[VERSION]
v1.0.0
[Vulnerability TYPE]
Insecure Permissions
[Root Cause]
The icecms allows anyone to browser getSetting api,like my local test environment http://localhost:8181/WebSitting/getSetting,
and official website url:https://www.macwk.cc/api/Sitting/getCosSetting.
The official website content is :
{
"id": 1,
"beian": "鲁ICP备19036164号",
"banquan": "Macwk.com © 2019. All rights reserved.",
"comment_show": false,
"sitTitle": "CMS",
"sitLogo": "",
"imageFormat": false,
"cosIntage": "https://icewk-1305088812.cos.ap-nanjing.myqcloud.com",
"cosBucketName": "icewk-1305088812",
"cosSecretId": "AKIDjDRQDrRXcA7TfQNk9LO3EJchbFeneY4U",
"cosSecretKey": "blgxyuiIfnCLaZXH5i6FB4gmDPilY8zb",
"cosClientConfig": "ap-nanjing",
"isCos": false
}
An attacker can obtain the following credentials from the content above:"cosSecretId": "AKIDjDRQDrRXcA7TfQNk9LO3EJchbFeneY4U","cosSecretKey": "blgxyuiIfnCLaZXH5i6FB4gmDPilY8zb",
From the mentioned link (cosIntage) link, we can deduce that the official website is using Elastic Compute Cloud provided by Tencent Cloud platform similar to the AWS cloud platform.
By using the tool provided at https://wiki.teamssix.com/cf/,an attacker can take control of the official user's Tencent cloud platform console and gain access to all cloud services.
[Impact]
An attacker can take control of the official user's Tencent cloud platform console can poweroff the server and gain access to all cloud services.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment