crash.software
Projects
Pull Requests
Issues
Builds
afrog
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY afrog Files
🤬
v1.3.4
ROOT /
POCLIST.md
519 lines | UTF-8 | 15 KB

PoC List

泛微OA E-Cology LoginSSO.jsp SQL注入漏洞
泛微OA E-Office UploadFile.php 任意文件上传漏洞
泛微OA E-Office officeserver.php 任意文件读取漏洞
蓝凌OA admin.do JNDI远程命令执行
华天动力OA 8000版 workFlowService SQL注入漏洞
用友 GRP-U8 Proxy SQL注入
致远OA A6 config.jsp 敏感信息泄漏漏洞
致远OA A6 createMysql.jsp 数据库敏感信息泄露
致远OA A6 setextno.jsp SQL注入漏洞
致远OA A8 status.jsp 信息泄露漏洞
致远OA A8 htmlofficeservlet 任意文件上传漏洞
通达OA v11.6 insert SQL注入漏洞
通达OA v11.5 logincheck_code.php 登陆绕过漏洞
通达OA v11.6 report_bi.func.php SQL注入漏洞
通达OA v11.5 swfupload_new.php SQL注入漏洞
通达OA User Session Disclosure
通达OA v2014 get_contactlist.php 敏感信息泄漏漏洞
通达OA v2017 action_upload.php 任意文件上传漏洞
万户OA download_ftp.jsp 任意文件下载漏洞
万户OA download_old.jsp 任意文件下载漏洞
万户OA downloadhttp.jsp 任意文件下载漏洞
万户OA smartUpload.jsp 任意文件上传漏洞
一米OA getfile.jsp 任意文件读取漏洞
用友 FE协作办公平台 templateOfTaohong_manager.jsp 目录遍历漏洞
Office Anywhere TongDa - Path Traversal
金山 V8 终端安全系统 pdf_maker.php 命令执行漏洞
金和OA C6 download.jsp 任意文件读取漏洞
帆软报表 V9 design_save_svg 任意文件覆盖文件上传
红帆OA ioFileExport.aspx 任意文件读取漏洞
帆软报表 V8 get_geo_json 任意文件读取漏洞
智明 SmartOA EmailDownload.ashx 任意文件下载漏洞
FanRuanOA-detect
Apache ActiveMQ Panel
Adminer Login Panel
Apache APISIX Login Panel
Avtech AVN801 Network Camera Panel Detect
Detect Azure Kubernetes Service
DirectAdmin Login Panel Detect
Python Django Admin Panel
DLink Panel
Apache dubbo detect
Emessage Panel
Fckeditor Detect
GitLab Panel
Grafana Panel
Huawei HG532e Detection
Jenkins API Instance Detection Template
Jenkins Login Detected
Jira Panel
jupyter-notebook-tech
Kubernetes Console Exposure
Detect Kubernetes Enterprise Manager
Detect Kubernetes Exposed Metrics
Detect Mirantis Kubernetes Engine
Detect Overview Kubernetes Resource Report
Kubernetes Version Exposure
LandrayOA Panel Login
Microsoft Exchange Control Panel
MinIO Browser
MinIO Console
MongoDB Ops Manager
OpenERP database instances
phpMyAdmin Panel
RabbitMQ Dashboard
Apache RocketMQ Console Exposure
Shiro detect
SolarWinds Orion Panel
SonicWall Management Panel
SonicWall Virtual Office SSLVPN Panel
Public Swagger API Desclosure
TerraMaster Login Panel
ThinkPHP detect
Apache Tomcat Detect
UPUPW-PHP 探针
UTT 艾泰网络管理系统
WAYOS-智能路由管理系统
Weblogic Login Panel
WordPress login
Zabbix Login Panel
Zentao detect
Alibaba Canal Information Leak
ASPCMS Backend Leak
Avtech AVC798HA DVR Information Exposure
AVTECH 视频监控设备认证绕过
Dlink 850l Information Disclosure
泛微OA E-Office mysql_config.ini 数据库信息泄漏
go-pprof-leak
Apache Hadoop Disclosure
hikvision-info-leak
Hjtcloud Directory File Leak
Huawei DG8045 deviceinfo 信息泄漏漏洞
Kyan Network Monitoring Account Password Leakage
Laravel Debug Info Leak
Nsfocus uts password leak
OpenVPN Monitor Disclosure
phpinfo Disclosure
Ruijie EG Information Disaclosure
ruijie-nbr1300g-cli-password-leak
Ruijie smartweb password information disclosure
seeyon-a6-employee-info-leak
seeyon-oa-cookie-leak
seeyon-session-leak
ThinkPHP 5.0.9 Information Disclosure
Tianqing Info Leak
Airflow Unauth
BT742 PMA Unauthorized Access
CouchDB Unauthorized
Druid Monitor Unauth
Elasticsearch Unauth
ETCD Unauth
frp dashboard unauth
H2 Database Web Console Unauthorized Access
Hadoop Yarn Unauth
HP office pro printer Unauthorized
Influxdb Unauth
JBoss Unauth
Jeecg Boot Unauth
jenkins-unauthorized-access
Jira Service Desk Signup
Jira Unauthenticated Admin Projects
Jira Unauthenticated Dashboards
Jira Unauthenticated Installed gadgets
Jira Unauthenticated Project Categories
Jira Unauthenticated Projects
Jira Unauthenticated Resolutions
Jira Unauthenticated Access to screens
Jira Unauthenticated User Picker
Jupyter Notebook Unauthorized Access
Kafka Manager Unauth
Kibana Unauth
kubernetes Unauth
Alibaba Nacos V1 Auth Bypass
Apache Nifi Api Unauthorized Access
Pyspider Unauthorized Access
qizhi fortressaircraft unauthorized
若依管理系统未授权访问
seeyon-ajax-unauthorized-access
spark Api Unauth
Spark WebUI Unauthenticated
Springboot Actuator Unauth
Apache Storm Unauthorized Access
Tensorboard Unauth
Tongda Meeting Unauthorized Access
Zabbix authentication Bypass
Zabbix Dashboards Access
ActiveMQ Default Password
Alibaba Canal Default Password
Apache Ambari Default Password
华为Aolynk BR304+ 智能安全路由器默认口令
ARL Default Login
Axis2 Default Login
Azkaban Web Client Default Credential
China Unicom Modem Default Login
datang-ac-default-password-CNVD-2021-04128
DELL iDRAC9 Default Login
DLink Default Password
Dubbo Admin Default Password
ExacqVision Default Login
Gitlab Default Login
Grafana Default Password
Hikvision Intercom Service Default Password
IBM Storage Management Default Login
Jenkins Default Password
Jinher OA C6 Default Password
JBoss JMX Console Weak Credential
Apache Kafka Center Default Password
Kingsoft V8 Default Password
Minio Default Password
MOFI4500-4GXeLTE-V2 Default Login
Netentsec Icg Default Password
Nexus Default Password
Nps Default Password
Nsicg Default Password
Apache OfBiz Default Login
Openerp Default Password
Oracle Business Intelligence Default Login
Panabit Gateway Default Password
Panabit Ixcache Default Password
RabbitMQ Default Password
Rancher Default Login
Ricoh Weak Password
Rockmongo Default Password
Advantech R-SeeNet Default Login
Secnet AC Default Password
SeedDMS Default Credential
Showdoc Default Password
Spectracom Default Login
Telecom Gateway Default Password
Apahce Tomcat Manager Default Login
Trilithic Viewpoint Default Login
utt-default-password
Versa Networks SD-WAN Application Default Login
wayos-default-password
WebLogic Default Login
Xerox WorkCentre 7xxx - Default Login
Zabbix Default Password
Amtt hiboss Server Ping RCE
Anyproxy 目录穿越导致任意文件读取
Cacti Weathermap File Write
Consul rexec RCE
Consul Service RCE
CouchDB Admin Party
大华 城市安防监控系统平台管理 attachment_downloadByUrlAtt.action 任意文件下载漏洞
DEDECMS Carbuyaction File Include
DEDECMS Guestbook sqli
DEDECMS Membergroup sqli
DedeCMS URL Redirection
Discuz V72 sqli
Discuz Wechat Plugins Unauth
Dlink dsl 2888a rce
Docker Registry Listing
Docker Remote API
Detect .dockercfg
DotnetCMS sqli
Duomicms sqli
泛微OA E-Bridge saveYZJFile 任意文件读取
Ecology arbitrary file upload
ecology filedownload directory traversal
泛微OA E-Cology getSqlData SQL注入漏洞
ecology springframework directory traversal
ecology syncuserinfo sqli
ecology v8 sqli
ecology validate sqli
ecology workflow center tree data sqli
ECshop Collection List sqli
ECshop RCE
eGroupWare spellchecker.php 远程命令执行
ETouch v2 sqli
FangweiCMS sqli
FeiFeiCMS lfr
FineCMS sqli
Finereport Directory Traversal
Apache Flink Unauth RCE
Grafana v8.x Arbitrary File Read
H3C imc RCE
H3C Secparh Any User Login
Hanming Video Conferencing File Read
HjtCloud Arbitrary File Read
Huawei Home Gateway Hg659 Fileread
Huijietong Cloud File Read
IIS Put Getshell
Jeewms Showordownbyurl fileread
Joomla Component Vreview sql
Jumpserver Unauth RCE
Kingdee EAS Directory Traversal
Kingsoft V8 File Read
landray-oa-custom-jsp-fileread
蓝凌OA sysSearchMain.do 远程命令执行
Laravel Improper Webdir
Maccms RCE
Maccmsv10 Backdoor
Metinfo file read
Mpsec isg1000 file read
msvod sqli
myucms lfr
Natshell Arbitrary File Read
Netentsec Ngfw RCE
Ns Asg file read
Nuuo file inclusion
Odoo file read
Pbootcms Database File Download
Phpmyadmin Setup Deserialization
phpok sqli
phpshe sqli
Phpstudy backdoor rce
Phpstudy Nginx Wrong Resolve
Powercreator Arbitrary file upload
qibocms sqli
qilin bastion host rce
resin inputfile fileread
resin viewfile fileread
ruijie-eg-cli-rce
ruijie-eg-file-read
Ruoyi Management Fileread
Samsung Wea453e Default Password
Samsung Wea453e RCE
Samsung Wlan AP Wea453e RCE
sangfor-ba-rce
sangfor-edr-arbitrary-admin-login
sangfor-edr-cssp-rce
sangfor-edr-tool-rce
Seacms Before V992 RCE
SeaCMS RCE
SeaCMS sqli
SeaCMS V654 RCE
SeaCMS V645 RCE
seeyon session upload webshell
seeyon wooyun 2015 0108235 sqli
Seeyon WooYun LFR
shiziyu cms apicontroller sqli
Showdoc Uploadfile
Solr Admin Query Page
Apache Solr <= 8.8.1 Arbitrary File Read
Apache Solr Log4j RCE
Sonicwall SSL VPN RCE
Spon Ip Intercom File Read
Spon Ip Intercom Ping RCE
Spring Cloud Function SPEL 远程命令执行漏洞
Spring Boot H2 Database RCE
Tamronos iptv rce
Selea Targa IP OCR-ANPR Camera - Unauthenticated Directory Traversal
Thinkadmin v6 readfile
Thinkcmf lfi
Thinkcmf write shell
ThinkPHP 2 3 's' Parameter RCE
ThinkPHP 5.0.1 RCE
ThinkPHP 5.0.22 RCE
ThinkPHP 5.0.23 RCE
thinkphp-v6-file-write
Tpshop Directory Traversal
Tpshop sqli
Typecho rce
UniFi Network Log4j JNDI RCE
和信云桌面未授权任意文件上传
Vmware Vcenter Arbitrary file read
VMware vRealize Operations Tenant App Log4j JNDI Remote Code Execution
万户 OA Upload RCE
weblogic ssrf
Weiphp Path Traversal
weiphp sql
Discuz Command Execution
Wordpress Ext Adaptive Images lfi
Wordpress Ext Mailpress RCE
WuzhiCMS V410 sqli
Xdcms sql
Yapi RCE
YcCMS RCE
Yongyou U8 OA sqli
Yonyou Grp U8 sqli to rce
Yonyou Grp U8 sqli
Yonyou NC Arbitrary file upload
yonyou-nc-bsh-servlet-bshservlet-rce
YungouCMS sqli
zcms v3 sqli
ZzCMS zsmanage sqli
Caucho Resin Information Disclosure
Ueditor编辑器.net版本存在文件上传漏洞
Metinfo file read
Xiuno BBS CNVD-2019-01348
Coremail Information Disclosure
Discuz!ML 3.x 任意代码执行
泛微OA E-Cology BshServlet 远程代码执行漏洞
Joomla configuration.php RCE
Xxunchi Local File read
e-zkeco-CNVD-2020-57264-read-file
ecshop-CNVD-2020-58823-sqli
致远oa系统存在任意文件读取漏洞
H5S CONSOLE 存在未授权访问
Datang AC Default Password
锐捷网络股份有限公司NBR路由器EWEB网管系统存在命令执行漏洞
EEA Information Disclosure
Ruijie RG-UAC Information Disclosure
ShopXO File Read
EmpireCMS DOM Cross Site-Scripting
Wifisky Default Password
JBoss CVE-2010-1871
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
PHP CGI v5.3.12/5.4.2 RCE
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (S2-016)
Elasticsearch CVE-2014-3120
Drupal SQL Injection
ShellShock - Remote Code Execution
Elasticsearch CVE-2015-1427
Elasticsearch CVE-2015-3337
Elasticsearch CVE-2015-5531
Joomla Core SQL Injection
Atlassian Confluence configuration files read
Zabbix CVE-2016-10134
Apache S2-032 Struts RCE
ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)
Spring Security OAuth2 Remote Command Execution
GlassFish LFI
WebLogic XMLDecoder 反序列化漏洞 CVE-2017-10271
Supervisor XMLRPC Exec
Java/Jboss Deserialization [RCE]
Apache Tomcat RCE
Apache Solr <= 7.1 XML entity injection
CouchDB CVE-2017-12635
Nextjs v2.4.1 LFI
Bypassing Authentication on NETGEAR Routers
JBoss 4.x JBossMQ JMS 反序列化漏洞
Hikvision CVE-2017-7921
Joomla SQL Injection
Apache Struts2 S2-053 RCE
phpunit rce
GitList < 0.6.0 RCE
Pre-auth Fully-responded SSRF
Jenkins 2.138 Remote Command Execution
Nagios XI commandline.php SQL Inject
Nagios XI SQL Inject
Nagios XI SQL Inject
Nagios XI before 5.4.13 SQL Inject
FlexPaper PHP Publish Service RCE
Apache Tomcat JK Status Manager Access
PhpMyAdmin 4.8.1 Remote File Inclusion
FortiOS - Credentials Disclosure
Kibana Local File Inclusion
PHPCMS 2008 Remote Code Execution
Ruby On Rails Path Traversal
Joomla Ext zhbaidumap sql inject
DedeCMS 5.7 Web Path Disclosure
Joomla SQL Inject
uWSGI PHP Plugin Directory Traversal
Drupal Drupalgeddon 2 RCE
Couchcms 2.0 Dictionary Disclosure
Dedecms V5.7 后台任意代码执行
Apache OFBiz XXE
Cobub Razor 0.8.0 Physical path Leakage Vulnerability
DVR Authentication Bypass
Apache Solr Remote Code Execution
Mongo-Express Remote Code Execution - CVE-2019-10758
Pulse Connect Secure SSL VPN Arbitrary File Read
Jira 未授权服务端模板注入
Zeroshell 3.9.0 Remote Command Execution
Webmin <= 1.920 Unauthenticated Remote Command Execution
Harbor Enables Privilege Escalation From Zero to admin
Nostromo 1.9.6 - Remote Code Execution
ifw8 Router ROM v4.31 Credential Discovery
rConfig v3.9.2 RCE
vBulletin v5.0.0-v5.5.4 Remote Command Execution
D-Link Unauthenticated remote code
Metinfo 7.0.0beta SQL Inject
Metinfo sql inject
Metinfo sql inject
D-Link authentication
Apache Solr Velocity Template RCE
Openfire Full Read SSRF
Citrix Application Delivery Controller (ADC) and Gateway Directory Traversal.
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
TVT NVMS 1000 - Directory Traversal
Pandora v7.0NG Post-auth Remote Code Execution
Oracle WebLogic Remote Code Execution
Oracle WebLogic Remote Code Execution
Atlassian Confluence Path Traversal
Spring Cloud Config Server Directory Traversal
youphptube-encoder-cve-2019-5128
Drupal 8 core RESTful Web Services RCE
QNAP PhotoStation Unauthorizated File Read
NEXUS < 3.14.0 Remote Code Execution
Atlassian Jira webroot leak
Jira Information Disclosure
Jira SSRF
Zimbra Collaboration XXE
SolarWinds Orion Platform Authentication Bypass
Nexus Repository before 3.21.2 allows JavaEL Injection
Nexus Repository before 3.21.2 Remote Code Execution
LimeSurvey 4.1.11 - Path Traversal
Kong API Gateway Unauthorized
Apache Kylin Exposed Configuration File
Jira Information Disclosure
Jira Unauthorized User Enumeration
Oracle Weblogic Remote Command Execution
TerraMaster TOS v4.1.24 RCE
SaltStack Shell Injection
Apache Flink RESTful API Arbitrary File Read
Inspur ClusterEngine V4.0 Remote Code Execution
NexusDB v4.50.22 Path Traversal
DLink Account Disclosure
GitLab Information Disclosure
SonarQube unauth
TerraMaster TOS 用户枚举漏洞
TerraMaster TOS 后台任意文件读取漏洞 CVE-2020-28187
TerraMaster TOS Unauthenticated Remote Command Execution
Cisco Read-Only Path Traversal
OpenTSDB 2.4.0 Remote Code Execution
GateOne Arbitrary File Download
Next.js .next limited path traversal
Spring Cloud Directory Traversal
Spring Cloud Config Server Directory Traversal
Gila CMS 1.11.8 SQL Injection.
F5 BIG-IP TMUI RCE
Satellian 1.12 Remote Code Execution
citrix-cve-2020-8191-xss
Citrix unauthenticated LFI
Citrix XenMobile Server Path Traversal
DrayTek pre-auth RCE
DLink dir610 credentials dump
SSkyWalking SQLI
Apache OFBiz XML-RPC Java Deserialization
SEOmatic < 3.3.0 Server-Side Template Injection
Prometheus v2.23.0 to v2.26.0, and v2.27.0 Open Redirect
Lanproxy Directory Traversal
LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
Pentahoa uthentication bypass
Apache Struts2 S2-062 RCE
Node RED Dashboard - Directory Traversal
Dahua IPC/VTH/VTO devices Authentication Bypass
noVNC Open Redirect
Apache Druid Authentication Restrictions Bypass
Apache ShenYu Admin JWT authentication bypass
Apache <= 2.4.48 Mod_Proxy SSRF
Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting
Apache 2.4.49 - Path Traversal and Remote Code Execution
Pre-Auth Takeover of Build Pipelines in GoCD
Apache Superset Default Password
Atlassian Jira - Authentication bypass in Seraph
F5 BIG-IP iControl REST Auth Bypass RCE
Oracle WebLogic Server Local File Inclusion
Spring Cloud Gateway Code Injection
VMware Workspace ONE Access SSTI
Zabbix - SAML SSO Authentication Bypass
Zabbix Setup Configuration Authentication Bypass
Crestron Device - Credentials Disclosure
Apache APISIX apisix/batch-requests RCE
Casdoor 1.13.0 - Unauthenticated SQL Injection
VoipMonitor - Pre-Auth SQL Injection
TerraMaster TOS 信息泄漏漏洞 CVE-2022-24990
TOTOLink T6 V5.9c.4085_B20190428 Command Injection
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
MotionEye 视频监控组件 list 信息泄漏
DotCMS Arbitrary File Upload
WSO2 fileupload 任意文件上传漏洞
Apache OFBiz Log4j JNDI RCE
Ivanti MobileIron Log4J JNDI RCE
Spring Boot Log4j Remote Code Injection
Spring Framework RCE JDK 9+
Please wait...
Page is in error, reload to recover