STRLCPY/afrog

add poc list
zan8in committed 2 years ago

77747687

1 parent de2405c3

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

POCLIST.md

1	+	# PoC List
2	+	```
3	+	泛微OA E-Cology LoginSSO.jsp SQL注入漏洞
4	+	泛微OA E-Office UploadFile.php 任意文件上传漏洞
5	+	泛微OA E-Office officeserver.php 任意文件读取漏洞
6	+	蓝凌OA admin.do JNDI远程命令执行
7	+	华天动力OA 8000版 workFlowService SQL注入漏洞
8	+	用友 GRP-U8 Proxy SQL注入
9	+	致远OA A6 config.jsp 敏感信息泄漏漏洞
10	+	致远OA A6 createMysql.jsp 数据库敏感信息泄露
11	+	致远OA A6 setextno.jsp SQL注入漏洞
12	+	致远OA A8 status.jsp 信息泄露漏洞
13	+	致远OA A8 htmlofficeservlet 任意文件上传漏洞
14	+	通达OA v11.6 insert SQL注入漏洞
15	+	通达OA v11.5 logincheck_code.php 登陆绕过漏洞
16	+	通达OA v11.6 report_bi.func.php SQL注入漏洞
17	+	通达OA v11.5 swfupload_new.php SQL注入漏洞
18	+	通达OA User Session Disclosure
19	+	通达OA v2014 get_contactlist.php 敏感信息泄漏漏洞
20	+	通达OA v2017 action_upload.php 任意文件上传漏洞
21	+	万户OA download_ftp.jsp 任意文件下载漏洞
22	+	万户OA download_old.jsp 任意文件下载漏洞
23	+	万户OA downloadhttp.jsp 任意文件下载漏洞
24	+	万户OA smartUpload.jsp 任意文件上传漏洞
25	+	一米OA getfile.jsp 任意文件读取漏洞
26	+	用友 FE协作办公平台 templateOfTaohong_manager.jsp 目录遍历漏洞
27	+	Office Anywhere TongDa - Path Traversal
28	+	金山 V8 终端安全系统 pdf_maker.php 命令执行漏洞
29	+	金和OA C6 download.jsp 任意文件读取漏洞
30	+	帆软报表 V9 design_save_svg 任意文件覆盖文件上传
31	+	红帆OA ioFileExport.aspx 任意文件读取漏洞
32	+	帆软报表 V8 get_geo_json 任意文件读取漏洞
33	+	智明 SmartOA EmailDownload.ashx 任意文件下载漏洞
34	+	FanRuanOA-detect
35	+	Apache ActiveMQ Panel
36	+	Adminer Login Panel
37	+	Apache APISIX Login Panel
38	+	Avtech AVN801 Network Camera Panel Detect
39	+	Detect Azure Kubernetes Service
40	+	DirectAdmin Login Panel Detect
41	+	Python Django Admin Panel
42	+	DLink Panel
43	+	Apache dubbo detect
44	+	Emessage Panel
45	+	Fckeditor Detect
46	+	GitLab Panel
47	+	Grafana Panel
48	+	Huawei HG532e Detection
49	+	Jenkins API Instance Detection Template
50	+	Jenkins Login Detected
51	+	Jira Panel
52	+	jupyter-notebook-tech
53	+	Kubernetes Console Exposure
54	+	Detect Kubernetes Enterprise Manager
55	+	Detect Kubernetes Exposed Metrics
56	+	Detect Mirantis Kubernetes Engine
57	+	Detect Overview Kubernetes Resource Report
58	+	Kubernetes Version Exposure
59	+	LandrayOA Panel Login
60	+	Microsoft Exchange Control Panel
61	+	MinIO Browser
62	+	MinIO Console
63	+	MongoDB Ops Manager
64	+	OpenERP database instances
65	+	phpMyAdmin Panel
66	+	RabbitMQ Dashboard
67	+	Apache RocketMQ Console Exposure
68	+	Shiro detect
69	+	SolarWinds Orion Panel
70	+	SonicWall Management Panel
71	+	SonicWall Virtual Office SSLVPN Panel
72	+	Public Swagger API Desclosure
73	+	TerraMaster Login Panel
74	+	ThinkPHP detect
75	+	Apache Tomcat Detect
76	+	UPUPW-PHP 探针
77	+	UTT 艾泰网络管理系统
78	+	WAYOS-智能路由管理系统
79	+	Weblogic Login Panel
80	+	WordPress login
81	+	Zabbix Login Panel
82	+	Zentao detect
83	+	Alibaba Canal Information Leak
84	+	ASPCMS Backend Leak
85	+	Avtech AVC798HA DVR Information Exposure
86	+	AVTECH 视频监控设备认证绕过
87	+	Dlink 850l Information Disclosure
88	+	泛微OA E-Office mysql_config.ini 数据库信息泄漏
89	+	go-pprof-leak
90	+	Apache Hadoop Disclosure
91	+	hikvision-info-leak
92	+	Hjtcloud Directory File Leak
93	+	Huawei DG8045 deviceinfo 信息泄漏漏洞
94	+	Kyan Network Monitoring Account Password Leakage
95	+	Laravel Debug Info Leak
96	+	Nsfocus uts password leak
97	+	OpenVPN Monitor Disclosure
98	+	phpinfo Disclosure
99	+	Ruijie EG Information Disaclosure
100	+	ruijie-nbr1300g-cli-password-leak
101	+	Ruijie smartweb password information disclosure
102	+	seeyon-a6-employee-info-leak
103	+	seeyon-oa-cookie-leak
104	+	seeyon-session-leak
105	+	ThinkPHP 5.0.9 Information Disclosure
106	+	Tianqing Info Leak
107	+	Airflow Unauth
108	+	BT742 PMA Unauthorized Access
109	+	CouchDB Unauthorized
110	+	Druid Monitor Unauth
111	+	Elasticsearch Unauth
112	+	ETCD Unauth
113	+	frp dashboard unauth
114	+	H2 Database Web Console Unauthorized Access
115	+	Hadoop Yarn Unauth
116	+	HP office pro printer Unauthorized
117	+	Influxdb Unauth
118	+	JBoss Unauth
119	+	Jeecg Boot Unauth
120	+	jenkins-unauthorized-access
121	+	Jira Service Desk Signup
122	+	Jira Unauthenticated Admin Projects
123	+	Jira Unauthenticated Dashboards
124	+	Jira Unauthenticated Installed gadgets
125	+	Jira Unauthenticated Project Categories
126	+	Jira Unauthenticated Projects
127	+	Jira Unauthenticated Resolutions
128	+	Jira Unauthenticated Access to screens
129	+	Jira Unauthenticated User Picker
130	+	Jupyter Notebook Unauthorized Access
131	+	Kafka Manager Unauth
132	+	Kibana Unauth
133	+	kubernetes Unauth
134	+	Alibaba Nacos V1 Auth Bypass
135	+	Apache Nifi Api Unauthorized Access
136	+	Pyspider Unauthorized Access
137	+	qizhi fortressaircraft unauthorized
138	+	若依管理系统未授权访问
139	+	seeyon-ajax-unauthorized-access
140	+	spark Api Unauth
141	+	Spark WebUI Unauthenticated
142	+	Springboot Actuator Unauth
143	+	Apache Storm Unauthorized Access
144	+	Tensorboard Unauth
145	+	Tongda Meeting Unauthorized Access
146	+	Zabbix authentication Bypass
147	+	Zabbix Dashboards Access
148	+	ActiveMQ Default Password
149	+	Alibaba Canal Default Password
150	+	Apache Ambari Default Password
151	+	华为Aolynk BR304+ 智能安全路由器默认口令
152	+	ARL Default Login
153	+	Axis2 Default Login
154	+	Azkaban Web Client Default Credential
155	+	China Unicom Modem Default Login
156	+	datang-ac-default-password-CNVD-2021-04128
157	+	DELL iDRAC9 Default Login
158	+	DLink Default Password
159	+	Dubbo Admin Default Password
160	+	ExacqVision Default Login
161	+	Gitlab Default Login
162	+	Grafana Default Password
163	+	Hikvision Intercom Service Default Password
164	+	IBM Storage Management Default Login
165	+	Jenkins Default Password
166	+	Jinher OA C6 Default Password
167	+	JBoss JMX Console Weak Credential
168	+	Apache Kafka Center Default Password
169	+	Kingsoft V8 Default Password
170	+	Minio Default Password
171	+	MOFI4500-4GXeLTE-V2 Default Login
172	+	Netentsec Icg Default Password
173	+	Nexus Default Password
174	+	Nps Default Password
175	+	Nsicg Default Password
176	+	Apache OfBiz Default Login
177	+	Openerp Default Password
178	+	Oracle Business Intelligence Default Login
179	+	Panabit Gateway Default Password
180	+	Panabit Ixcache Default Password
181	+	RabbitMQ Default Password
182	+	Rancher Default Login
183	+	Ricoh Weak Password
184	+	Rockmongo Default Password
185	+	Advantech R-SeeNet Default Login
186	+	Secnet AC Default Password
187	+	SeedDMS Default Credential
188	+	Showdoc Default Password
189	+	Spectracom Default Login
190	+	Telecom Gateway Default Password
191	+	Apahce Tomcat Manager Default Login
192	+	Trilithic Viewpoint Default Login
193	+	utt-default-password
194	+	Versa Networks SD-WAN Application Default Login
195	+	wayos-default-password
196	+	WebLogic Default Login
197	+	Xerox WorkCentre 7xxx - Default Login
198	+	Zabbix Default Password
199	+	Amtt hiboss Server Ping RCE
200	+	Anyproxy 目录穿越导致任意文件读取
201	+	Cacti Weathermap File Write
202	+	Consul rexec RCE
203	+	Consul Service RCE
204	+	CouchDB Admin Party
205	+	大华城市安防监控系统平台管理 attachment_downloadByUrlAtt.action 任意文件下载漏洞
206	+	DEDECMS Carbuyaction File Include
207	+	DEDECMS Guestbook sqli
208	+	DEDECMS Membergroup sqli
209	+	DedeCMS URL Redirection
210	+	Discuz V72 sqli
211	+	Discuz Wechat Plugins Unauth
212	+	Dlink dsl 2888a rce
213	+	Docker Registry Listing
214	+	Docker Remote API
215	+	Detect .dockercfg
216	+	DotnetCMS sqli
217	+	Duomicms sqli
218	+	泛微OA E-Bridge saveYZJFile 任意文件读取
219	+	Ecology arbitrary file upload
220	+	ecology filedownload directory traversal
221	+	泛微OA E-Cology getSqlData SQL注入漏洞
222	+	ecology springframework directory traversal
223	+	ecology syncuserinfo sqli
224	+	ecology v8 sqli
225	+	ecology validate sqli
226	+	ecology workflow center tree data sqli
227	+	ECshop Collection List sqli
228	+	ECshop RCE
229	+	eGroupWare spellchecker.php 远程命令执行
230	+	ETouch v2 sqli
231	+	FangweiCMS sqli
232	+	FeiFeiCMS lfr
233	+	FineCMS sqli
234	+	Finereport Directory Traversal
235	+	Apache Flink Unauth RCE
236	+	Grafana v8.x Arbitrary File Read
237	+	H3C imc RCE
238	+	H3C Secparh Any User Login
239	+	Hanming Video Conferencing File Read
240	+	HjtCloud Arbitrary File Read
241	+	Huawei Home Gateway Hg659 Fileread
242	+	Huijietong Cloud File Read
243	+	IIS Put Getshell
244	+	Jeewms Showordownbyurl fileread
245	+	Joomla Component Vreview sql
246	+	Jumpserver Unauth RCE
247	+	Kingdee EAS Directory Traversal
248	+	Kingsoft V8 File Read
249	+	landray-oa-custom-jsp-fileread
250	+	蓝凌OA sysSearchMain.do 远程命令执行
251	+	Laravel Improper Webdir
252	+	Maccms RCE
253	+	Maccmsv10 Backdoor
254	+	Metinfo file read
255	+	Mpsec isg1000 file read
256	+	msvod sqli
257	+	myucms lfr
258	+	Natshell Arbitrary File Read
259	+	Netentsec Ngfw RCE
260	+	Ns Asg file read
261	+	Nuuo file inclusion
262	+	Odoo file read
263	+	Pbootcms Database File Download
264	+	Phpmyadmin Setup Deserialization
265	+	phpok sqli
266	+	phpshe sqli
267	+	Phpstudy backdoor rce
268	+	Phpstudy Nginx Wrong Resolve
269	+	Powercreator Arbitrary file upload
270	+	qibocms sqli
271	+	qilin bastion host rce
272	+	resin inputfile fileread
273	+	resin viewfile fileread
274	+	ruijie-eg-cli-rce
275	+	ruijie-eg-file-read
276	+	Ruoyi Management Fileread
277	+	Samsung Wea453e Default Password
278	+	Samsung Wea453e RCE
279	+	Samsung Wlan AP Wea453e RCE
280	+	sangfor-ba-rce
281	+	sangfor-edr-arbitrary-admin-login
282	+	sangfor-edr-cssp-rce
283	+	sangfor-edr-tool-rce
284	+	Seacms Before V992 RCE
285	+	SeaCMS RCE
286	+	SeaCMS sqli
287	+	SeaCMS V654 RCE
288	+	SeaCMS V645 RCE
289	+	seeyon session upload webshell
290	+	seeyon wooyun 2015 0108235 sqli
291	+	Seeyon WooYun LFR
292	+	shiziyu cms apicontroller sqli
293	+	Showdoc Uploadfile
294	+	Solr Admin Query Page
295	+	Apache Solr <= 8.8.1 Arbitrary File Read
296	+	Apache Solr Log4j RCE
297	+	Sonicwall SSL VPN RCE
298	+	Spon Ip Intercom File Read
299	+	Spon Ip Intercom Ping RCE
300	+	Spring Cloud Function SPEL 远程命令执行漏洞
301	+	Spring Boot H2 Database RCE
302	+	Tamronos iptv rce
303	+	Selea Targa IP OCR-ANPR Camera - Unauthenticated Directory Traversal
304	+	Thinkadmin v6 readfile
305	+	Thinkcmf lfi
306	+	Thinkcmf write shell
307	+	ThinkPHP 2 3 's' Parameter RCE
308	+	ThinkPHP 5.0.1 RCE
309	+	ThinkPHP 5.0.22 RCE
310	+	ThinkPHP 5.0.23 RCE
311	+	thinkphp-v6-file-write
312	+	Tpshop Directory Traversal
313	+	Tpshop sqli
314	+	Typecho rce
315	+	UniFi Network Log4j JNDI RCE
316	+	和信云桌面未授权任意文件上传
317	+	Vmware Vcenter Arbitrary file read
318	+	VMware vRealize Operations Tenant App Log4j JNDI Remote Code Execution
319	+	万户 OA Upload RCE
320	+	weblogic ssrf
321	+	Weiphp Path Traversal
322	+	weiphp sql
323	+	Discuz Command Execution
324	+	Wordpress Ext Adaptive Images lfi
325	+	Wordpress Ext Mailpress RCE
326	+	WuzhiCMS V410 sqli
327	+	Xdcms sql
328	+	Yapi RCE
329	+	YcCMS RCE
330	+	Yongyou U8 OA sqli
331	+	Yonyou Grp U8 sqli to rce
332	+	Yonyou Grp U8 sqli
333	+	Yonyou NC Arbitrary file upload
334	+	yonyou-nc-bsh-servlet-bshservlet-rce
335	+	YungouCMS sqli
336	+	zcms v3 sqli
337	+	ZzCMS zsmanage sqli
338	+	Caucho Resin Information Disclosure
339	+	Ueditor编辑器.net版本存在文件上传漏洞
340	+	Metinfo file read
341	+	Xiuno BBS CNVD-2019-01348
342	+	Coremail Information Disclosure
343	+	Discuz!ML 3.x 任意代码执行
344	+	泛微OA E-Cology BshServlet 远程代码执行漏洞
345	+	Joomla configuration.php RCE
346	+	Xxunchi Local File read
347	+	e-zkeco-CNVD-2020-57264-read-file
348	+	ecshop-CNVD-2020-58823-sqli
349	+	致远oa系统存在任意文件读取漏洞
350	+	H5S CONSOLE 存在未授权访问
351	+	Datang AC Default Password
352	+	锐捷网络股份有限公司NBR路由器EWEB网管系统存在命令执行漏洞
353	+	EEA Information Disclosure
354	+	Ruijie RG-UAC Information Disclosure
355	+	ShopXO File Read
356	+	EmpireCMS DOM Cross Site-Scripting
357	+	Wifisky Default Password
358	+	JBoss CVE-2010-1871
359	+	Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
360	+	PHP CGI v5.3.12/5.4.2 RCE
361	+	Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (S2-016)
362	+	Elasticsearch CVE-2014-3120
363	+	Drupal SQL Injection
364	+	ShellShock - Remote Code Execution
365	+	Elasticsearch CVE-2015-1427
366	+	Elasticsearch CVE-2015-3337
367	+	Elasticsearch CVE-2015-5531
368	+	Joomla Core SQL Injection
369	+	Atlassian Confluence configuration files read
370	+	Zabbix CVE-2016-10134
371	+	Apache S2-032 Struts RCE
372	+	ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)
373	+	Spring Security OAuth2 Remote Command Execution
374	+	GlassFish LFI
375	+	WebLogic XMLDecoder 反序列化漏洞 CVE-2017-10271
376	+	Supervisor XMLRPC Exec
377	+	Java/Jboss Deserialization [RCE]
378	+	Apache Tomcat RCE
379	+	Apache Solr <= 7.1 XML entity injection
380	+	CouchDB CVE-2017-12635
381	+	Nextjs v2.4.1 LFI
382	+	Bypassing Authentication on NETGEAR Routers
383	+	JBoss 4.x JBossMQ JMS 反序列化漏洞
384	+	Hikvision CVE-2017-7921
385	+	Joomla SQL Injection
386	+	Apache Struts2 S2-053 RCE
387	+	phpunit rce
388	+	GitList < 0.6.0 RCE
389	+	Pre-auth Fully-responded SSRF
390	+	Jenkins 2.138 Remote Command Execution
391	+	Nagios XI commandline.php SQL Inject
392	+	Nagios XI SQL Inject
393	+	Nagios XI SQL Inject
394	+	Nagios XI before 5.4.13 SQL Inject
395	+	FlexPaper PHP Publish Service RCE
396	+	Apache Tomcat JK Status Manager Access
397	+	PhpMyAdmin 4.8.1 Remote File Inclusion
398	+	FortiOS - Credentials Disclosure
399	+	Kibana Local File Inclusion
400	+	PHPCMS 2008 Remote Code Execution
401	+	Ruby On Rails Path Traversal
402	+	Joomla Ext zhbaidumap sql inject
403	+	DedeCMS 5.7 Web Path Disclosure
404	+	Joomla SQL Inject
405	+	uWSGI PHP Plugin Directory Traversal
406	+	Drupal Drupalgeddon 2 RCE
407	+	Couchcms 2.0 Dictionary Disclosure
408	+	Dedecms V5.7 后台任意代码执行
409	+	Apache OFBiz XXE
410	+	Cobub Razor 0.8.0 Physical path Leakage Vulnerability
411	+	DVR Authentication Bypass
412	+	Apache Solr Remote Code Execution
413	+	Mongo-Express Remote Code Execution - CVE-2019-10758
414	+	Pulse Connect Secure SSL VPN Arbitrary File Read
415	+	Jira 未授权服务端模板注入
416	+	Zeroshell 3.9.0 Remote Command Execution
417	+	Webmin <= 1.920 Unauthenticated Remote Command Execution
418	+	Harbor Enables Privilege Escalation From Zero to admin
419	+	Nostromo 1.9.6 - Remote Code Execution
420	+	ifw8 Router ROM v4.31 Credential Discovery
421	+	rConfig v3.9.2 RCE
422	+	vBulletin v5.0.0-v5.5.4 Remote Command Execution
423	+	D-Link Unauthenticated remote code
424	+	Metinfo 7.0.0beta SQL Inject
425	+	Metinfo sql inject
426	+	Metinfo sql inject
427	+	D-Link authentication
428	+	Apache Solr Velocity Template RCE
429	+	Openfire Full Read SSRF
430	+	Citrix Application Delivery Controller (ADC) and Gateway Directory Traversal.
431	+	WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
432	+	TVT NVMS 1000 - Directory Traversal
433	+	Pandora v7.0NG Post-auth Remote Code Execution
434	+	Oracle WebLogic Remote Code Execution
435	+	Oracle WebLogic Remote Code Execution
436	+	Atlassian Confluence Path Traversal
437	+	Spring Cloud Config Server Directory Traversal
438	+	youphptube-encoder-cve-2019-5128
439	+	Drupal 8 core RESTful Web Services RCE
440	+	QNAP PhotoStation Unauthorizated File Read
441	+	NEXUS < 3.14.0 Remote Code Execution
442	+	Atlassian Jira webroot leak
443	+	Jira Information Disclosure
444	+	Jira SSRF
445	+	Zimbra Collaboration XXE
446	+	SolarWinds Orion Platform Authentication Bypass
447	+	Nexus Repository before 3.21.2 allows JavaEL Injection
448	+	Nexus Repository before 3.21.2 Remote Code Execution
449	+	LimeSurvey 4.1.11 - Path Traversal
450	+	Kong API Gateway Unauthorized
451	+	Apache Kylin Exposed Configuration File
452	+	Jira Information Disclosure
453	+	Jira Unauthorized User Enumeration
454	+	Oracle Weblogic Remote Command Execution
455	+	TerraMaster TOS v4.1.24 RCE
456	+	SaltStack Shell Injection
457	+	Apache Flink RESTful API Arbitrary File Read
458	+	Inspur ClusterEngine V4.0 Remote Code Execution
459	+	NexusDB v4.50.22 Path Traversal
460	+	DLink Account Disclosure
461	+	GitLab Information Disclosure
462	+	SonarQube unauth
463	+	TerraMaster TOS 用户枚举漏洞
464	+	TerraMaster TOS 后台任意文件读取漏洞 CVE-2020-28187
465	+	TerraMaster TOS Unauthenticated Remote Command Execution
466	+	Cisco Read-Only Path Traversal
467	+	OpenTSDB 2.4.0 Remote Code Execution
468	+	GateOne Arbitrary File Download
469	+	Next.js .next limited path traversal
470	+	Spring Cloud Directory Traversal
471	+	Spring Cloud Config Server Directory Traversal
472	+	Gila CMS 1.11.8 SQL Injection.
473	+	F5 BIG-IP TMUI RCE
474	+	Satellian 1.12 Remote Code Execution
475	+	citrix-cve-2020-8191-xss
476	+	Citrix unauthenticated LFI
477	+	Citrix XenMobile Server Path Traversal
478	+	DrayTek pre-auth RCE
479	+	DLink dir610 credentials dump
480	+	SSkyWalking SQLI
481	+	Apache OFBiz XML-RPC Java Deserialization
482	+	SEOmatic < 3.3.0 Server-Side Template Injection
483	+	Prometheus v2.23.0 to v2.26.0, and v2.27.0 Open Redirect
484	+	Lanproxy Directory Traversal
485	+	LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
486	+	Pentahoa uthentication bypass
487	+	Apache Struts2 S2-062 RCE
488	+	Node RED Dashboard - Directory Traversal
489	+	Dahua IPC/VTH/VTO devices Authentication Bypass
490	+	noVNC Open Redirect
491	+	Apache Druid Authentication Restrictions Bypass
492	+	Apache ShenYu Admin JWT authentication bypass
493	+	Apache <= 2.4.48 Mod_Proxy SSRF
494	+	Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting
495	+	Apache 2.4.49 - Path Traversal and Remote Code Execution
496	+	Pre-Auth Takeover of Build Pipelines in GoCD
497	+	Apache Superset Default Password
498	+	Atlassian Jira - Authentication bypass in Seraph
499	+	F5 BIG-IP iControl REST Auth Bypass RCE
500	+	Oracle WebLogic Server Local File Inclusion
501	+	Spring Cloud Gateway Code Injection
502	+	VMware Workspace ONE Access SSTI
503	+	Zabbix - SAML SSO Authentication Bypass
504	+	Zabbix Setup Configuration Authentication Bypass
505	+	Crestron Device - Credentials Disclosure
506	+	Apache APISIX apisix/batch-requests RCE
507	+	Casdoor 1.13.0 - Unauthenticated SQL Injection
508	+	VoipMonitor - Pre-Auth SQL Injection
509	+	TerraMaster TOS 信息泄漏漏洞 CVE-2022-24990
510	+	TOTOLink T6 V5.9c.4085_B20190428 Command Injection
511	+	Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
512	+	MotionEye 视频监控组件 list 信息泄漏
513	+	DotCMS Arbitrary File Upload
514	+	WSO2 fileupload 任意文件上传漏洞
515	+	Apache OFBiz Log4j JNDI RCE
516	+	Ivanti MobileIron Log4J JNDI RCE
517	+	Spring Boot Log4j Remote Code Injection
518	+	Spring Framework RCE JDK 9+
519	+	```

■ ■ ■ ■ ■ ■

README.md

		skipped 72 lines
73	73
74	74		### [查看教程](https://github.com/zan8in/afrog/blob/main/CONTRIBUTION.md)
75	75
	76	+	# PoC 列表
	77	+	### [查看 PoC 列表](https://github.com/zan8in/afrog/blob/main/POCLIST.md)
	78	+
76	79		# 免责声明
77	80
78	81		本工具仅面向合法授权的企业安全建设行为，如您需要测试本工具的可用性，请自行搭建靶机环境。
		skipped 15 lines

■ ■ ■ ■ ■ ■

README_en.md

		skipped 73 lines
74	74
75	75		### [View tutorial](https://github.com/zan8in/afrog/blob/main/CONTRIBUTION_en.md)
76	76
	77	+	# PoC List
	78	+	### [View PoC List](https://github.com/zan8in/afrog/blob/main/POCLIST.md)
	79	+
77	80		# Disclaimer
78	81
79	82		This tool is only for legally authorized enterprise security construction behavior. If you need to test the usability of this tool, please build a target environment by yourself.
		skipped 10 lines

afrog-pocs.zip

Binary file.

■ ■ ■ ■ ■ ■

cmd/rules/main.go

		skipped 7 lines
8	8		)
9	9
10	10		func main() {
11		-	c := catalog.New("./afrog-pocs")
12		-	allPocsYamlSlice, err := c.GetPocPath("./afrog-pocs")
	11	+	c := catalog.New("./pocs/afrog-pocs")
	12	+	allPocsYamlSlice, err := c.GetPocPath("./pocs/afrog-pocs")
13	13		if err != nil && len(allPocsYamlSlice) == 0 {
14	14		fmt.Println("未找到可执行脚本(POC)，请检查`默认脚本`或指定新の脚本(POC)")
15	15		}
		skipped 11 lines

add poc list