qwqdanchun
/
fscan
mirror of https://github.com/qwqdanchun/fscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fscan/WebScan/pocs/jumpserver-unauth-rce.yml

34 lines
1.4 KiB
YAML
Raw Normal View History

修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml
2021-02-25 03:53:58 -08:00
name: poc-yaml-jumpserver-unauth-rce
set:
r1: randomLowercase(5)
优化xray解析模块,支持groups、新增poc
2021-11-15 19:53:46 -08:00
groups:
users:
- method: GET
path: /api/v1/users/connection-token/
follow_redirects: false
expression: |
response.status == 401 && response.content_type.contains("application/json") && response.body.bcontains(b"not_authenticated")
- method: GET
path: /api/v1/users/connection-token/?user-only={{r1}}
follow_redirects: false
expression: |
response.status == 404 && response.content_type.contains("application/json") && response.body.bcontains(b"\"\"")
authentication:
- method: GET
path: /api/v1/authentication/connection-token/
follow_redirects: false
expression: |
response.status == 401 && response.content_type.contains("application/json") && response.body.bcontains(b"not_authenticated")
- method: GET
path: /api/v1/authentication/connection-token/?user-only={{r1}}
follow_redirects: false
expression: |
response.status == 404 && response.content_type.contains("application/json") && response.body.bcontains(b"\"\"")
修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml
2021-02-25 03:53:58 -08:00
detail:
author: mvhz81
info: jumpserver unauth read logfile + jumpserver rce
links:
- https://s.tencent.com/research/bsafe/1228.html
- https://mp.weixin.qq.com/s/KGRU47o7JtbgOC9xwLJARw
- https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_bug_check.sh