From b8a591920b7c12e5a2e992bce7432a1320d91f04 Mon Sep 17 00:00:00 2001
From: r00t <24542600+adeljck@users.noreply.github.com>
Date: Sun, 26 Jan 2025 22:02:59 +0800
Subject: [PATCH 1/3] Update springboot-cve-2021-21234.yml

Update springboot-cve-2021-21234.yml
---
 WebScan/pocs/springboot-cve-2021-21234.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/WebScan/pocs/springboot-cve-2021-21234.yml b/WebScan/pocs/springboot-cve-2021-21234.yml
index 6bf8103..d10f5fa 100644
--- a/WebScan/pocs/springboot-cve-2021-21234.yml
+++ b/WebScan/pocs/springboot-cve-2021-21234.yml
@@ -3,19 +3,19 @@ groups:
   spring1:
     - method: GET
       path: /manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../
-      expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts")
+      expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts") && !response.body.bcontains(b"
Date: Fri, 7 Feb 2025 19:14:07 +0800
Subject: [PATCH 2/3] Update mysql.go

Added a loop for databases to prevent certain non-existing mysql databases from being assumed not to have weak passwords
---
 Plugins/mysql.go | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/Plugins/mysql.go b/Plugins/mysql.go
index db3e440..44a74b0 100644
--- a/Plugins/mysql.go
+++ b/Plugins/mysql.go
@@ -39,19 +39,23 @@ func MysqlScan(info *common.HostInfo) (tmperr error) {
 func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
 	flag = false
 	Host, Port, Username, Password := info.Host, info.Ports, user, pass
-	dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(common.Timeout)*time.Second)
-	db, err := sql.Open("mysql", dataSourceName)
-	if err == nil {
-		db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
-		db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
-		db.SetMaxIdleConns(0)
-		defer db.Close()
-		err = db.Ping()
+	for _, database := range []string{"mysql", "information_schema"} {
+		dsn := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8&timeout=%v", Username, Password, Host, Port, database, time.Duration(common.Timeout)*time.Second)
+		db, err := sql.Open("mysql", dsn)
 		if err == nil {
-			result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password)
-			common.LogSuccess(result)
-			flag = true
+			db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
+			db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
+			db.SetMaxIdleConns(0)
+			err = db.Ping()
+			if err == nil {
+				result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password)
+				common.LogSuccess(result)
+				flag = true
+				_ = db.Close()
+				break
+			}
 		}
+		_ = db.Close()
 	}
 	return flag, err
 }

From 3ae0f306c14e7d372f69423b302858ae87f5f2ce Mon Sep 17 00:00:00 2001
From: r00t <24542600+adeljck@users.noreply.github.com>
Date: Fri, 7 Feb 2025 19:21:45 +0800
Subject: [PATCH 3/3] Revert "Update mysql.go"

This reverts commit cc9d292bddc90ab64b492ce50b3e2e0fa528be5a.
---
 Plugins/mysql.go | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/Plugins/mysql.go b/Plugins/mysql.go
index 44a74b0..db3e440 100644
--- a/Plugins/mysql.go
+++ b/Plugins/mysql.go
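Review bot: `db, err := sql.Open("mysql", dsn)` inside the new loop declares a fresh `err` that shadows the named result, so every Open and Ping error is dropped and MysqlConn now returns `(false, nil)` on failure; the caller MysqlScan (outside this hunk) can no longer distinguish a rejected password from a timeout or unreachable host. The trailing `_ = db.Close()` also runs when sql.Open returned an error, in which case `db` is nil and Close dereferences it; since user and pass are interpolated unescaped into the DSN, a wordlist entry containing `/`, `@` or `?` is enough to reach that path. Assign to the named result and close only what was actually opened, as below; building the DSN through the driver's config type and its FormatDSN method instead of Sprintf would also remove the parsing ambiguity (the same unescaped Sprintf DSN is in the code restored by patch 3/3). Note as well that a credential rejected on `mysql` is retried against `information_schema`, doubling the login attempts per guess; if the driver's error type exposes the server error number, skipping the second attempt on access-denied would presumably avoid that.
```go
	for _, database := range []string{"mysql", "information_schema"} {
		dsn := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8&timeout=%v", Username, Password, Host, Port, database, time.Duration(common.Timeout)*time.Second)
		var db *sql.DB
		db, err = sql.Open("mysql", dsn) // plain '=' keeps the named result; ':=' would shadow it
		if err != nil {
			continue // db is nil here, so there is nothing to close
		}
		db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
		db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
		db.SetMaxIdleConns(0)
		err = db.Ping()
		_ = db.Close() // close on every path; errors on Close are not relevant to the verdict
		if err == nil {
			result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password)
			common.LogSuccess(result)
			flag = true
			break
		}
	}
	return flag, err
```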
@@ -39,23 +39,19 @@ func MysqlScan(info *common.HostInfo) (tmperr error) {
 func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
 	flag = false
 	Host, Port, Username, Password := info.Host, info.Ports, user, pass
-	for _, database := range []string{"mysql", "information_schema"} {
-		dsn := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8&timeout=%v", Username, Password, Host, Port, database, time.Duration(common.Timeout)*time.Second)
-		db, err := sql.Open("mysql", dsn)
+	dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(common.Timeout)*time.Second)
+	db, err := sql.Open("mysql", dataSourceName)
+	if err == nil {
+		db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
+		db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
+		db.SetMaxIdleConns(0)
+		defer db.Close()
+		err = db.Ping()
 		if err == nil {
-			db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
-			db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
-			db.SetMaxIdleConns(0)
-			err = db.Ping()
-			if err == nil {
-				result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password)
-				common.LogSuccess(result)
-				flag = true
-				_ = db.Close()
-				break
-			}
+			result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password)
+			common.LogSuccess(result)
+			flag = true
 		}
-		_ = db.Close()
 	}
 	return flag, err
 }