11_16

Weaver/Weaver_e-Bridge_File_Read/README.md

@@ -0,0 +1,10 @@
+# Weaver e-Bridge File Read
+
+泛微云桥（e-Bridge）是上海泛微公司在”互联网+”的背景下研发的一款用于桥接互联网开放资源与企业信息化系统的系统集成中间件。泛微云桥存在任意文件读取漏洞，攻击者成功利用该漏洞，可实现任意文件读取，获取敏感信息。
+
+
+**[FOFA](https://fofa.so/result?qbase64=YXBwPSJXZWF2ZXItZS1CcmlkZ2Ui) query rule**: app="Weaver-e-Bridge"
+
+# Demo
+
+![](Weaver_e-Bridge_File_Read.gif)

WebLogic/CVE-2020-14825/README.md

@@ -0,0 +1,11 @@
+# weblogic t3 CVE-2020-14825
+
+Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
+
+**Affected version**:  12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
+
+**[FOFA](https://fofa.so/result?qbase64=dGl0bGU9PSJFcnJvciA0MDQtLU5vdCBGb3VuZCIgfHwgYXBwPSJPcmFjbGUtV2VibG9naWNQb3J0YWwi) query rule**: title=="Error 404--Not Found" || app="Oracle-WeblogicPortal"
+
+# Demo
+
+![](weblogic_t3_CVE_2020_14825.gif)

XXL-JOB/XXL-JOB_API_Unauthenticated_glueSource_RCE/README.md

@@ -0,0 +1,10 @@
+# XXL-JOB API Unauthenticated glueSource RCE
+
+<p>XXL-JOB是一个分布式任务调度平台，其核心设计目标是开发迅速、学习简单、轻量级、易扩展，现已开放源代码并接入多家公司线上产品线，接入场景如电商业务，O2O业务和大数据作业等。</p><p>XXL-JOB默认情况下XXL-JOB的API接口没有配置认证措施，未授权的攻击者可构造恶意请求，造成远程执行命令，直接控制服务器。漏洞利用无需登录，实际风险极高。
+
+
+**[FOFA](https://fofa.so/result?qbase64=Ym9keT0iaW52YWxpZCByZXF1ZXN0LCBIdHRwTWV0aG9kIG5vdCBzdXBwb3J0IiB8fCBib2R5PSJpbnZhbGlkIHJlcXVlc3QsIHVyaS1tYXBwaW5nKC8pIG5vdCBmb3VuZC4i) query rule**: body="invalid request, HttpMethod not support" || body="invalid request, uri-mapping(/) not found."
+
+# Demo
+
+![](XXL-JOB_API_Unauthenticated_glueSource_RCE.gif)