mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-14 05:12:36 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #70 from canc3s/main

Browse Source 
add weblogic-console-weak
This commit is contained in:
影舞者 2021-06-21 17:30:29 +08:00 committed by GitHub
commit ceb585d018
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
WebScan/pocs/poc-yaml-weblogic-console-weak.yml Normal file
View File

@ -0,0 +1,29 @@
name: poc-yaml-weblogic-console-weak
sets:
username:
- weblogic
password:
- weblogic
- weblogic1
- welcome1
- Oracle@123
- weblogic123
payload:
- UTF-8
rules:
- method: HEAD
path: /console/j_security_check
follow_redirects: false
expression: |
response.status == 302 && response.headers['Set-Cookie'].contains("ADMINCONSOLESESSION")
- method: POST
path: /console/j_security_check
follow_redirects: false
headers:
Content-type: application/x-www-form-urlencoded
body: |
j_username={{username}}&j_password={{password}}&j_character_encoding={{payload}}
expression: |
!response.body.bcontains(b"LoginForm.jsp")
detail:
author: shadown1ng(https://github.com/shadown1ng)

8
WebScan/pocs/tomcat-manager-week.yml → WebScan/pocs/tomcat-manager-weak.yml
View File

@ -1,12 +1,16 @@
name: poc-yaml-tomcat-manager-week
name: poc-yaml-tomcat-manager-weak
sets:
username:
- tomcat
- admin
- root
- manager
password:
- tomcat
- ""
- admin
- tomcat
- 123456
- root
payload:
- base64(username+":"+password)
rules: