2023-08-30 10:17:32 +02:00
|
|
|
|
# 更新日志
|
|
|
|
|
|
|
2023-09-13 04:36:42 +02:00
|
|
|
|
## 2023.9.13
|
|
|
|
|
|
|
|
|
|
|
|
根据 **hanbufei**大哥的pr,添加模糊搜索poc,并跳过指纹识别、路径爆破直接打poc的功能。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-04 11:08:49 +02:00
|
|
|
|
## 2023.9.4
|
|
|
|
|
|
|
|
|
|
|
|
修复大量目标进行主动指纹探测时协程调度异常导致资源占用过高的问题。
|
|
|
|
|
|
|
|
|
|
|
|
新增web探针线程、超时命令行参数。
|
|
|
|
|
|
|
|
|
|
|
|
新增跳过Golang Poc的命令行参数。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-02 05:52:08 +02:00
|
|
|
|
## 2023.9.2
|
|
|
|
|
|
|
|
|
|
|
|
部分2023 hvv漏洞更新
|
|
|
|
|
|
|
|
|
|
|
|
renwoxing-crm-smsdatalist-sqli (感谢h0nayuzu)
|
|
|
|
|
|
|
|
|
|
|
|
jeecg-boot-ssti-rce
|
|
|
|
|
|
|
|
|
|
|
|
dahua-smart-park-getfacecapture-sqli(感谢h0nayuzu)
|
|
|
|
|
|
|
|
|
|
|
|
dahua-smart-park-video-upload
|
|
|
|
|
|
|
|
|
|
|
|
dahua-user-getuserinfobyusername-getpassword(感谢h0nayuzu)
|
|
|
|
|
|
|
|
|
|
|
|
cdg-uploadfilefromclientserviceforclient-file-upload (亿赛通文件上传)
|
|
|
|
|
|
|
|
|
|
|
|
officeweb365-file-upload
|
|
|
|
|
|
|
|
|
|
|
|
yonyou-turbocrm-getemaildata-fileread
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-08-30 10:17:32 +02:00
|
|
|
|
## 2023.8.30
|
|
|
|
|
|
|
|
|
|
|
|
同步Nuclei模板至v9.6.2.将部分user目录下的Poc指向Nuclei官方Poc
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-36346
|
|
|
|
|
|
|
|
|
|
|
|
CNVD-2022-86535
|
|
|
|
|
|
|
|
|
|
|
|
leostream-default-login
|
|
|
|
|
|
|
|
|
|
|
|
pyload-default-login
|
|
|
|
|
|
|
|
|
|
|
|
unauth-temporal-web-ui
|
|
|
|
|
|
|
|
|
|
|
|
apache-dubbo-unauth
|
|
|
|
|
|
|
|
|
|
|
|
apache-rocketmq-broker-unauth
|
|
|
|
|
|
|
|
|
|
|
|
collibra-properties
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-29300
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-29298
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-24489
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2022-40127
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-37270
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2020-17463
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2017-7925
|
|
|
|
|
|
|
|
|
|
|
|
yealink-default-login
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-38646
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-37265
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-37266
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-35885
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-37462
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-38205
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-3836
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-3765
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2021-44139
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2021-27670
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2018-20608
|
|
|
|
|
|
|
|
|
|
|
|
elasticsearch-default-login
|
|
|
|
|
|
|
|
|
|
|
|
jupyter-notebook-rce
|
|
|
|
|
|
|
|
|
|
|
|
skype-blind-ssrf
|
|
|
|
|
|
|
|
|
|
|
|
tongda-auth-bypass (Tongda OA 11.7 - Authentication Bypass)
|
|
|
|
|
|
|
|
|
|
|
|
alibaba-anyproxy-lfi
|
|
|
|
|
|
|
|
|
|
|
|
nginxwebui-runcmd-rce
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-39143
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-26067
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-22480
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2022-40843
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2021-22707
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2020-28185
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2019-7192
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2019-15642
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2018-18809
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2018-12909
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2017-8229
|
|
|
|
|
|
|
|
|
|
|
|
CNVD-2021-43984
|
|
|
|
|
|
|
|
|
|
|
|
CNVD-2021-41972
|
|
|
|
|
|
|
|
|
|
|
|
bsphp-info (BSPHP - Information Disclosure)
|
|
|
|
|
|
|
|
|
|
|
|
discuz-api-pathinfo (Discuz! X2.5 - Path Disclosure)
|
|
|
|
|
|
|
|
|
|
|
|
joomla-department-sqli
|
|
|
|
|
|
|
|
|
|
|
|
netmizer-cmd-rce
|
|
|
|
|
|
|
|
|
|
|
|
netmizer-data-listing
|
|
|
|
|
|
|
|
|
|
|
|
acti-video-lfi
|
|
|
|
|
|
|
|
|
|
|
|
avcon6-execl-lfi
|
|
|
|
|
|
|
|
|
|
|
|
eaa-app-lfi (EAA Application Access System - Arbitary File Read)
|
|
|
|
|
|
|
|
|
|
|
|
easyimage-downphp-lfi
|
|
|
|
|
|
|
|
|
|
|
|
ecology-oa-file-sqli (E-cology FileDownloadForOutDocSQL - SQL Injection)
|
|
|
|
|
|
|
|
|
|
|
|
kedacom-network-lfi
|
|
|
|
|
|
|
|
|
|
|
|
panabit-ixcache-rce
|
|
|
|
|
|
|
|
|
|
|
|
sangfor-cphp-rce
|
|
|
|
|
|
|
|
|
|
|
|
sangfor-download-lfi
|
|
|
|
|
|
|
|
|
|
|
|
sangfor-sysuser-conf
|
|
|
|
|
|
|
|
|
|
|
|
tamronos-user-creation
|
|
|
|
|
|
|
|
|
|
|
|
wisegiga-nas-lfi
|
|
|
|
|
|
|
|
|
|
|
|
zzzcms-info-disclosure
|
|
|
|
|
|
|
|
|
|
|
|
zzzcms-ssrf
|
|
|
|
|
|
|
|
|
|
|
|
apache-solr-rce
|
|
|
|
|
|
|
|
|
|
|
|
bloofoxcms-default-login
|
|
|
|
|
|
|
|
|
|
|
|
openmediavault-default-login
|
|
|
|
|
|
|
|
|
|
|
|
webmin-default-login
|
|
|
|
|
|
|
|
|
|
|
|
socks5-vpn-config (惠尔顿-e地通VPN Socks5 VPN - Sensitive File Disclosure)
|
|
|
|
|
|
|
|
|
|
|
|
bitbucket-auth-bypass
|
|
|
|
|
|
|
|
|
|
|
|
casdoor-users-password
|
|
|
|
|
|
|
|
|
|
|
|
yzmcms-installer
|
|
|
|
|
|
|
|
|
|
|
|
mobsf-framework-exposure
|
|
|
|
|
|
|
|
|
|
|
|
openstack-config
|
|
|
|
|
|
|
|
|
|
|
|
sonarqube-projects-disclosure
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-39141
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2023-38035
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2022-46463
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2022-39986
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2021-41460
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2019-17662
|
|
|
|
|
|
|
|
|
|
|
|
CVE-2019-1898
|
|
|
|
|
|
|
|
|
|
|
|
CNVD-2023-08743
|
|
|
|
|
|
|
|
|
|
|
|
74cms-weixin-sqli
|
|
|
|
|
|
|
|
|
|
|
|
fine-report-v9-file-upload
|
|
|
|
|
|
|
|
|
|
|
|
jinhe-oa-c6-lfi
|
|
|
|
|
|
|
|
|
|
|
|
apache-druid-log4j
|
|
|
|
|
|
|
|
|
|
|
|
aspcms-commentlist-sqli
|
|
|
|
|
|
|
|
|
|
|
|
caimore-gateway-rce
|
|
|
|
|
|
|
|
|
|
|
|
h3c-cvm-arbitrary-file-upload
|
|
|
|
|
|
|
|
|
|
|
|
hanta-rce
|
|
|
|
|
|
|
|
|
|
|
|
hongfan-ioffice-lfi
|
|
|
|
|
|
|
|
|
|
|
|
hongfan-ioffice-rce
|
|
|
|
|
|
|
|
|
|
|
|
hongfan-ioffice-sqli
|
|
|
|
|
|
|
|
|
|
|
|
landray-oa-erp-data-rce
|
|
|
|
|
|
|
|
|
|
|
|
maltrail-rce
|
|
|
|
|
|
|
|
|
|
|
|
ruijie-excu-shell
|
|
|
|
|
|
|
|
|
|
|
|
apache-couchdb-unauth
|
|
|
|
|
|
|
|
|
|
|
|
chatgpt-web-unauth
|
|
|
|
|
|
|
|
|
|
|
|
feiyuxing-info-leak
|
|
|
|
|
|
|
|
|
|
|
|
hikivision-env
|
|
|
|
|
|
|
|
|
|
|
|
unauth-redis-insight
|
|
|
|
|
|
|
|
|
|
|
|
kylin-default-login
|
|
|
|
|
|
|
|
|
|
|
|
caimore-default-login
|
|
|
|
|
|
|
|
|
|
|
|
easyreport-default-login
|
|
|
|
|
|
|
|
|
|
|
|
nacos-default-login
|
