admin/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-11-05 10:45:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
fscan/WebScan/pocs/springboot-env-unauth.yml

10 lines
319 B
YAML
Raw Normal View History

修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml
2021-02-25 19:53:58 +08:00
name: poc-yaml-springboot-env-unauth
加入 404星链
2021-04-22 12:06:03 +08:00
rules:
- method: GET
path: /env
expression: |
response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"java.version") && response.body.bcontains(b"os.arch")
修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml
2021-02-25 19:53:58 +08:00
detail:
links:
- https://github.com/LandGrey/SpringBootVulExploit
Reference in New Issue Copy Permalink