ClickHouse - Unauthorized Access

ID: clickhouse-unauth

Severity: high

Author: lu4nx

Tags: network,clickhouse,unauth,misconfig,tcp

Description

ClickHouse was able to be accessed with no required authentication in place.

YAML Source

id: clickhouse-unauth

info:
  name: ClickHouse - Unauthorized Access
  author: lu4nx
  severity: high
  description: ClickHouse was able to be accessed with no required authentication in place.
  metadata:
    max-request: 1
  tags: network,clickhouse,unauth,misconfig,tcp

tcp:
  - inputs:
      # 0011436c69636b486f75736520636c69656e741508b1a9030007 is header
      # 64656661756c74 = default
      - data: 0011436c69636b486f75736520636c69656e741508b1a903000764656661756c7400
        type: hex

    host:
      - "{{Hostname}}"
    port: 9000

    read-size: 100
    matchers:
      - type: word
        words:
          - "ClickHouse"
          - "UTC"
        condition: and
# digest: 490a00463044022014a8593191155259ac15025840d84e5a12d7134ac9661afc5875bbda5f60cc09022051055c7bf869c68a43fe761cd696c580dea876262f9716883f6b6ca08434adfb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "network/misconfig/clickhouse-unauth.yaml"

View on Github