From d05641a7fcef0e3406b6c930bd6eb186eb621407 Mon Sep 17 00:00:00 2001
From: RJ45_LAB <91420400+INT2ECALL@users.noreply.github.com>
Date: Mon, 17 Feb 2025 17:37:49 +0800
Subject: [PATCH] Update etcd-v3-unauth.yml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
修复误报
---
 WebScan/pocs/etcd-v3-unauth.yml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/WebScan/pocs/etcd-v3-unauth.yml b/WebScan/pocs/etcd-v3-unauth.yml
index 1245900..d9a87d2 100644
--- a/WebScan/pocs/etcd-v3-unauth.yml
+++ b/WebScan/pocs/etcd-v3-unauth.yml
@@ -1,12 +1,14 @@
-name: poc-yaml-etcd-v3-unauth
+name: ETCD V3未授权
 rules:
- - method: GET
- path: /version
+ - method: POST
+ path: /v3/kv/range
 follow_redirects: false
+ Content-Type: application/json;charset=utf-8
 expression: |
- response.status == 200 && response.body.bcontains(b"etcdserver")
-
+ response.status == 200 && response.body.bcontains(b"cluster") && response.body.bcontains(b"head")
+ body: |
+ {"key": "bmFtZQ=="}
 detail:
 author: rj45(https://github.com/INT2ECALL)
 links:
- - https://networksec.blog.csdn.net/article/details/144912358?spm=1001.2014.3001.5502
\ No newline at end of file
+ - https://networksec.blog.csdn.net/article/details/144912358?spm=1001.2014.3001.5502
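Review bot: The added `Content-Type: application/json;charset=utf-8` line sits directly in the rule beside `method` and `path`, and no `headers:` key appears anywhere in the hunk, so the header is probably never sent if the loader only reads request headers from a `headers:` mapping (xray-style rule files do; confirm against this project's rule struct). Nesting it as `headers:` with `Content-Type: application/json` underneath would make the intent explicit. The new expression is also still loose for a commit whose stated purpose is fixing false positives: `b"head"` matches any HTML page containing `<head>` and `b"cluster"` is a common word, so a catch-all 200 page can satisfy both, whereas matching field names of an etcd range response, e.g. `response.body.bcontains(b"cluster_id") && response.body.bcontains(b"raft_term")`, would be tighter. Changing `name:` away from the `poc-yaml-` form on the removed line may also break name-based filtering of checks, if the scanner relies on that prefix.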