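Vulnerability Information
Vulnerability name: OAuth 2.0 Authorization Server Metadata Exposure
Vulnerability type: Information disclosure
Severity: Medium
Description: This issue concerns the exposure of OAuth 2.0 authorization server metadata. Under RFC 8414, an OAuth 2.0 authorization server publishes its metadata at the path /.well-known/oauth-authorization-server. This metadata contains implementation details and policy information for the server, such as issuer and authorization_endpoint. An attacker can use this information to prepare further attacks, for example by identifying the specific implementation or policies the server uses, which may lead to the discovery of other security vulnerabilities. Although the exposure itself does not directly lead to remote code execution or data leakage, it gives an attacker valuable information and increases the risk of the system being attacked. The issue can be exploited without authentication and is easy to detect with automated tools.
Product name: OAuth 2.0 Authorization Server
Search syntax: inurl:"/.well-known/oauth-authorization-server"
Source: https://github.com/projectdiscovery/nuclei-templates/blob/47d7dc2b54f3fada1d3d0018bbe310cf30b385d2/http%2Fmiscellaneous%2Foauth-authorization-server-exposure.yaml
Type: projectdiscovery/nuclei-templates:github issues
POC Details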
id: oauth-authorization-server-exposure

info:
  name: Well-Known OAuth Authorization Server Metadata
  author: rxerium
  severity: info
  description: Detects OAuth 2.0 Authorization Server metadata (RFC 8414).
  impact: |
    Presence of this well-known resource can expose implementation details or policies.
  reference:
    - https://www.rfc-editor.org/rfc/rfc8414
  metadata:
    max-request: 1
    google-query: inurl:"/.well-known/oauth-authorization-server"
  tags: well-known,oauth,oidc,security,rfc8414

http:
  - method: GET
    path:
      - "{{BaseURL}}/.well-known/oauth-authorization-server"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "issuer"
          - "authorization_endpoint"
        condition: and
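The template's matchers only look for two words in a 200 response, so any page mentioning them matches. The following added example (not part of the template or the nuclei project) reproduces that match in Python and sets it beside a stricter review of your own server's response that parses the JSON and checks the RFC 8414 issuer and endpoint fields. The function names, the host auth.example.test and the sample bodies are constructed for illustration, and the issuer is assumed to have no path component.

```python
import json
from urllib.parse import urlsplit

def template_match(status, body):
    """The template's matchers: status 200 AND both words present in the body."""
    return status == 200 and "issuer" in body and "authorization_endpoint" in body

def review_metadata(base_url, status, body):
    """Return (is_metadata, findings) for a response fetched from
    base_url + /.well-known/oauth-authorization-server."""
    if status != 200:
        return False, ["status is not 200"]
    try:
        doc = json.loads(body)
    except ValueError:
        return False, ["body is not JSON"]
    if not isinstance(doc, dict) or not isinstance(doc.get("issuer"), str):
        return False, ["JSON has no string 'issuer' member"]
    findings = []
    iss = urlsplit(doc["issuer"])
    if iss.scheme != "https" or iss.query or iss.fragment:
        findings.append("issuer is not an https URL without query or fragment")
    # Assumption: the issuer has no path component, so it must equal the base URL.
    if doc["issuer"].rstrip("/") != base_url.rstrip("/"):
        findings.append("issuer differs from the URL the metadata was fetched from")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlsplit(str(doc[key])).scheme != "https":
            findings.append(key + " is not https")
    methods = doc.get("code_challenge_methods_supported")
    if not isinstance(methods, list) or "S256" not in methods:
        findings.append("PKCE S256 is not advertised")
    return True, findings

# Constructed sample responses (not captured from any real server).
BASE = "https://auth.example.test"
GOOD = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/jwks",
    "code_challenge_methods_supported": ["S256"],
})
WEAK = json.dumps({"issuer": "https://other.example.test",
                   "authorization_endpoint": "http://auth.example.test/authorize"})
DOCS_PAGE = "<html><p>Set issuer and authorization_endpoint in your client.</p></html>"

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("WEAK", WEAK), ("DOCS_PAGE", DOCS_PAGE)):
        print(name, template_match(200, body), review_metadata(BASE, 200, body))
```

The constructed documentation page matches the template's logic but is rejected by the JSON check, which is the false-positive case to expect when triaging results from this template.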