def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.SOLR
self.name = 'solr template rce'
self.keyword = ['solr']
self.info = 'solr template rce'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.CRITICAL
self.refer = 'https://github.com/chaitin/xray/blob/master/pocs/solr-velocity-template-rce.yml'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'directory list'
self.keyword = ['web']
self.info = 'directory list'
self.type = VUL_TYPE.INFO
self.level = VUL_LEVEL.LOWER
self.refer = 'https://github.com/WyAtu/Perun/blob/master/vuln/web/directory_listing.py'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'php7cms getshell'
self.keyword = ['php7cms']
self.info = 'php7cms getshell'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.HIGH
self.refer = 'https://paper.tuisec.win/detail/2139f76293bdb43'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEBLOGIC
self.name = 'CNVD-C-2019-48814'
self.keyword = ['weblogic']
self.info = 'CNVD-C-2019-48814'
self.type = 'rce'
self.level = 'high'
self.refer = 'http://www.cnvd.org.cn/webinfo/show/4999'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'CVE-2018-12613'
self.keyword = ['phpmyadmin', 'php']
self.info = 'CVE-2018-12613'
self.type = VUL_TYPE.LFI
self.level = VUL_LEVEL.HIGH
self.refer = 'https://mp.weixin.qq.com/s/HZcS2HdUtqz10jUEN57aog'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.CONFLUENCE
self.name = 'CVE-2019-3396'
self.keyword = ['confluence']
self.info = 'Get the web application status and title'
self.type = 'rce'
self.level = 'high'
self.refer = 'https://www.seebug.org/vuldb/ssvid-97898'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 's-cms download'
self.keyword = ['s-cms', 'download']
self.info = 's-cms download'
self.type = VUL_TYPE.INFO
self.level = VUL_LEVEL.HIGH
self.refer = 'https://xz.aliyun.com/t/3614'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'thinkphp 5.1.31 getshell'
self.keyword = ['thinkphp']
self.info = 'Thinkphp 5.1.x < 5.1.31 and 5.0.x <= 5.0.23 get shell. e.g. FastAdmin,layuiAdmin,DZHCMS,tpAdmin'
self.type = 'rce'
self.level = 'high'
self.refer = 'https://mp.weixin.qq.com/s/oWzDIIjJS2cwjb4rzOM4DQ,http://www.vulnspy.com/cn-thinkphp-5.x-rce/thinkphp_5.x_(v5.0.23%E5%8F%8Av5.1.31%E4%BB%A5%E4%B8%8B%E7%89%88%E6%9C%AC)_%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%EF%BC%88getshell%EF%BC%89/'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEBLOGIC
self.name = 'CVE-2018-2628'
self.keyword = ['weblogic']
self.info = 'CVE-2018-2628'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.CRITICAL
self.refer = 'https://github.com/ysrc/xunfeng/blob/master/vulscan/vuldb/weblogic_CVE_2018_2628.py'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEBLOGIC
self.name = 'CVE-2018-2894'
self.keyword = ['weblogic']
self.info = 'CVE-2018-2894'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.CRITICAL
self.refer = 'https://github.com/111ddea/cve-2018-2894'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'CVE-2019-11580'
self.keyword = ['atlassian', 'crowd']
self.info = 'atlassian crowd getshell'
self.type = 'rce'
self.level = 'high'
self.refer = 'https://github.com/jas502n/CVE-2019-11580'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'dedecms win manager'
self.keyword = ['dedecms', 'win', 'manager']
self.info = 'Find manager for dedecms'
self.type = 'burst'
self.level = 'medium'
self.refer = 'https://xz.aliyun.com/t/2064'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'niushop getshell'
self.keyword = ['niushop']
self.info = 'niushop getshell'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.HIGH
self.refer = 'https://xz.aliyun.com/t/3767'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'thinkphp v6 file write'
self.keyword = ['thinkphp']
self.info = 'thinkphp v6 file write'
self.type = 'other'
self.level = VUL_LEVEL.HIGH
self.refer = ''
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEBLOGIC
self.name = 'CVE-2017-10271'
self.keyword = ['weblogic']
self.info = 'CVE-2017-10271'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.CRITICAL
self.refer = 'http://www.cnvd.org.cn/webinfo/show/4999'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'thinkcmf 2.2.3 sql'
self.keyword = ['thinkcmf', 'php']
self.info = 'thinkcmf 2.2.3 sql'
self.type = 'sql'
self.level = VUL_LEVEL.HIGH
self.refer = 'https://xz.aliyun.com/t/3529'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.ELASTICSEARCH
self.name = 'CVE-2018-1000600'
self.keyword = ['jenkins']
self.info = 'CVE-2018-1000600'
self.type = VUL_TYPE.SSRF
self.level = VUL_LEVEL.HIGH
self.refer = 'https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.ELASTICSEARCH
self.name = 'CVE-2018-1000861'
self.keyword = ['jenkins']
self.info = 'CVE-2018-1000861'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.CRITICAL
self.refer = 'https://github.com/chaitin/xray/blob/master/pocs/jenkins-cve-2018-1000861-rce.yml'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'thinkphp debug'
self.keyword = ['thinkphp']
self.info = 'thinkphp debug'
self.type = 'info'
self.level = 'info'
self.refer = ''
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'discuz x3.4 ssrf'
self.keyword = ['discuz']
self.info = 'discuz x3.4 ssrf'
self.type = 'ssrf'
self.level = 'high'
self.refer = 'https://zhuanlan.zhihu.com/p/51907363, https://www.seebug.org/vuldb/ssvid-97709'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'phpmyadmin burst'
self.keyword = ['phpmyadmin', 'burst', 'php']
self.info = 'phpmyadmin burst'
self.type = VUL_TYPE.WEAKPASS
self.level = VUL_LEVEL.CRITICAL
self.refer = 'https://github.com/ysrc/xunfeng/blob/master/vulscan/vuldb/phpmyadmin_crackpass.py'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.CONFLUENCE
self.name = 'CVE-2015-8399'
self.keyword = ['confluence']
self.info = 'CVE-2015-8399'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.HIGH
self.refer = 'https://www.exploit-db.com/exploits/39170/'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'CVE-2019-9978'
self.keyword = ['wordpress']
self.info = 'WordPress social-warfare <= 3.5.2'
self.type = 'rce'
self.level = 'high'
self.refer = 'https://paper.seebug.org/919/'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'thinkcmf 2.2.3 template inject'
self.keyword = ['thinkcmf', 'php']
self.info = 'thinkcmf 2.2.3 template inject'
self.type = 'rce'
self.level = 'high'
self.refer = 'https://xz.aliyun.com/t/3529'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.SOLR
self.name = 'CVE-2017-12629'
self.keyword = ['solr']
self.info = 'CVE-2017-12629'
self.type = VUL_TYPE.XXE
self.level = VUL_LEVEL.HIGH
self.refer = 'https://github.com/chaitin/xray/blob/master/pocs/solr-cve-2017-12629-xxe.yml'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'kindeditor upload json'
self.keyword = ['web', 'kindeditor', 'upload', 'json']
self.info = 'Kindeditor <= 4.1.12 upload'
self.type = 'upload'
self.level = VUL_LEVEL.MEDIUM
self.refer = 'https://github.com/kindsoft/kindeditor/issues/249'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'flexpaper 2.3.6 getshell'
self.keyword = ['flexpaper']
self.info = 'FlexPaper <= 2.3.6 RCE.(CVE-2018-11686)'
self.type = VUL_TYPE.RCE
self.level = VUL_LEVEL.HIGH
self.refer = 'https://mp.weixin.qq.com/s/8eBwfW231Nm02Lz8La2P1w'
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'http basic auth burst'
self.keyword = ['tomcat', 'burst', 'tomcat']
self.info = 'http basic auth burst'
self.type = VUL_TYPE.WEAKPASS
self.level = VUL_LEVEL.HIGH
self.repair = ''
self.refer = ''
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'CVE-2018-11759'
self.keyword = ['web', 'tomcat']
self.info = 'CVE-2018-11759'
self.type = VUL_TYPE.BYPASS
self.level = VUL_LEVEL.HIGH
self.repair = ''
self.refer = ''
Script.__init__(self, target=target, service_type=self.service_type)
def __init__(self, target=None):
self.service_type = SERVICE_PORT_MAP.WEB
self.name = 'druid-monitor-unauth'
self.keyword = ['web', 'druid']
self.info = 'druid-monitor-unauth'
self.type = VUL_TYPE.UNAUTH
self.level = VUL_LEVEL.HIGH
self.repair = ''
self.refer = ''
Script.__init__(self, target=target, service_type=self.service_type)
