add CVE-2023-27350: PaperCut NG身份验证绕过导致的RCE&CVE-2023-27524: Apache Superset中不安全的默认配置&CVE-2023-1671: Sophos Web Appliance 远程命令执行漏洞

HexDnsEchoT: DnslogCmdEcho修改版、Mimikatz: 用c#实现了个远程拉取Mimikatz.ps1、RedisEXP: Redis 漏洞利用工具、JundeadShell: Java内存马注入工具、WeaverScan: 泛微oa漏洞利用工具、frpCracker: 一款golang编写的，批量检测frp server未授权访问、弱token的工具、exec2shell: 将PE、ELF或Mach-O可执行文件的TEXT部分提取为shellcode、unauthorized_com: 未授权检测的命令行版，支持批量检测
2025-08-13 03:17:26 +00:00 · 2023-05-12 20:09:11 -07:00 · 2023-05-12 20:09:11 -07:00 · 5a6dd04646
commit 5a6dd04646
parent 92e4a57253
1 changed files with 11 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -61,6 +61,7 @@
 - [CVE-2022-20866：思科自适应安全设备软件和 Firepower 威胁防御软件 RSA 私钥泄漏检查](https://github.com/CiscoPSIRT/CVE-2022-20866)
 - [WLAN-AP-WEA453e RCE:三星路由器远程命令执行漏洞](./WLAN-AP-WEA453e%20RCE三星路由器远程命令执行漏洞.md)
 - [Buffer overflow in Xiongmai DVRs](https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/)|[备份](https://web.archive.org/web/20221129205148/https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/)
+- [CVE-2023-27350: PaperCut NG身份验证绕过导致的RCE](https://github.com/horizon3ai/CVE-2023-27350)

 ## <span id="head4">Web APP</span>

@ -300,6 +301,8 @@
 - [CVE-2022-39952：FortiNAC keyUpload zipslip 远程代码执行漏洞](https://github.com/horizon3ai/CVE-2022-39952)
 - [CVE-2022-21587：Oracle E-Business Suite 未授权RCE](https://github.com/hieuminhnv/CVE-2022-21587-POC)|[Oracle E-BS CVE-2022-21587 Exploit Plugin for woodpecker-framwork](https://github.com/Zh1z3ven/Oracle-E-BS-CVE-2022-21587-Exploit)
 - [Alibab-Nacos-Unauthorized-Login: Alibab Nacos <= 2.2.0 未授权访问「默认key生成jwt token」](https://github.com/Al1ex/Alibab-Nacos-Unauthorized-Login)|[Nacos-Authentication-Bypass-Poc ](https://github.com/atk7r/Nacos-Authentication-Bypass-Poc)|[nacos_vul: Nacos身份验证绕过批量检测（QVD-2023-6271）+ 直接添加用户](https://github.com/Pizz33/nacos_vul)
+- [CVE-2023-27524: Apache Superset中不安全的默认配置](https://github.com/horizon3ai/CVE-2023-27524)
+- [CVE-2023-1671: Sophos Web Appliance 远程命令执行漏洞](https://github.com/W01fh4cker/CVE-2023-1671-POC)

 ## <span id="head5"> 提权辅助相关</span>

@ -1495,7 +1498,7 @@
 - [addMemShellsJSP：通过jsp注入valve内存马，可以忽略框架影响，通用tomcat789](https://github.com/Ghost2097221/addMemShellsJSP)
 - [GarBageTools-public：支持致远、蓝凌、万户、帆软报表、fastjson、el表达式shell等功能的漏洞利用工具](https://github.com/Ghost2097221/GarBageTools-public)
 - [NoNetCmdEcho-FileW.e：应对渗透中极限环境下命令回显 & 文件落地](https://github.com/Dr-S1x17/NoNetCmdEcho-FileW.e)
- [DnslogCmdEcho：命令执行不回显但DNS协议出网的命令回显场景解决方案](https://github.com/sv3nbeast/DnslogCmdEcho)
+- [DnslogCmdEcho：命令执行不回显但DNS协议出网的命令回显场景解决方案](https://github.com/sv3nbeast/DnslogCmdEcho)|[HexDnsEchoT: DnslogCmdEcho修改版](https://github.com/A0WaQ4/HexDnsEchoT)
 - [Goal：Goal Go Red-Team 工具类](https://github.com/code-scan/Goal)
 - [Frp：魔改版 FRP 更加适合红对作战使用](https://github.com/DongHuangT1/Frp)
 - [Shellcode-Loader：动态加载 shellcode](https://github.com/ReversingID/Shellcode-Loader)
@ -1767,6 +1770,13 @@
 - [go-public: 基于 Go 的端口转发工具](https://github.com/songquanpeng/go-public)
 - [ByPassUACTools: Windows 平台下的UAC(User Account Contro) 绕过工具](https://github.com/Adminisme/ByPassUACTools)
 - [JsonExp: fastjson漏洞批量检测工具](https://github.com/smallfox233/JsonExp)
+- [Mimikatz: 用c#实现了个远程拉取Mimikatz.ps1](https://github.com/Avienma/Mimikatz)
+- [RedisEXP: Redis 漏洞利用工具](https://github.com/yuyan-sec/RedisEXP)
+- [JundeadShell: Java内存马注入工具](https://github.com/0x00007c00/JundeadShell)
+- [WeaverScan: 泛微oa漏洞利用工具](https://github.com/TD0U/WeaverScan)
+- [frpCracker: 一款golang编写的，批量检测frp server未授权访问、弱token的工具](https://github.com/SleepingBag945/frpCracker)
+- [exec2shell: 将PE、ELF或Mach-O可执行文件的TEXT部分提取为shellcode](https://github.com/Binject/exec2shell)
+- [unauthorized_com: 未授权检测的命令行版，支持批量检测](https://github.com/xk11z/unauthorized_com)

 ## <span id="head8"> 文章/书籍/教程相关</span>