1120362990/vulnerability-list
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CVE-2019-2725

Browse Source
This commit is contained in:
rpkr
2019-08-19 20:02:21 +08:00
parent 927b6e2fea
commit 5d5352ea74
5 changed files with 213 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@@ -2,72 +2,73 @@
常见漏洞快速检测,目前包含以下漏洞。 常见漏洞快速检测,目前包含以下漏洞。
## Tomcat ## Tomcat
- CVE_2017_12615 / CVE_2017_12617 - CVE_2017_12615 / CVE_2017_12617
- tomcat_weakpassword - tomcat_weakpassword
- example_vulnerability(检测tomcat的examples等目录是否存在) - example_vulnerability(检测tomcat的examples等目录是否存在)
> moon.py -u tomcat http://xx.xx.xx.xx:xxxx > moon.py -u tomcat <http://xx.xx.xx.xx:xxxx>
## Fckeditor ## Fckeditor
- 获取版本及常见上传页面检测 - 获取版本及常见上传页面检测
- fck<=2.4版本上传直接上传asa文件getshell - fck<=2.4版本上传直接上传asa文件getshell
> moon.py -u fck http://xx.xx.xx.xx/fckxx > moon.py -u fck <http://xx.xx.xx.xx/fckxx>
## Weblogic ## Weblogic
- CVE_2017_10271 #利用方法参考https://vulhub.org - CVE_2017_10271 # 利用方法参考:<https://vulhub.org>
- weblogic_ssrf_cve-2014-4210 - weblogic_ssrf_cve-2014-4210
- weblogic_weakpassword - weblogic_weakpassword
- CVE-2018-2628 #Author:xxlegend - CVE-2018-2628 # Author:xxlegend
- CNVD-C-2019-48814 - CNVD-C-2019-48814
- CVE-2019-2725 # 参考:<https://github.com/lufeirider/CVE-2019-2725>
> moon.py -u weblogic http://xx.xx.xx.xx:xxxx > moon.py -u weblogic <http://xx.xx.xx.xx:xxxx>
## IP归属查询 ## IP归属查询
- 能简单查一下IP的归属地 - 能简单查一下IP的归属地
> moon.py -u ip http://www.xxx.com > moon.py -u ip <http://www.xxx.com>
## IIS ## IIS
- 短文件名泄露 #来自 lijiejie/IIS_shortname_Scanner - 短文件名泄露 #来自 lijiejie/IIS_shortname_Scanner
> moon.py -u iis http://xx.xx.xx.xx > moon.py -u iis <http://xx.xx.xx.xx>
## Docker ## Docker
- docker_daemon_api未授权访问 - docker_daemon_api未授权访问
> moon.py -u docker http://xx.xx.xx.xx:xxxx > moon.py -u docker <http://xx.xx.xx.xx:xxxx>
## Redis ## Redis
- redis未授权访问 - redis未授权访问
> moon.py -u redis http://xx.xx.xx.xx:xxxx or moon.py -u redis xx.xx.xx.xx:xxxx > moon.py -u redis <http://xx.xx.xx.xx:xxxx> or moon.py -u redis xx.xx.xx.xx:xxxx
## Zabbix ## Zabbix
- zabbix_sql_CVE_2016_10134 #有参考独自等待的脚本 - zabbix_sql_CVE_2016_10134 #有参考独自等待的脚本
> moon.py -u zabbix http://xx.xx.xx.xx:xxxx > moon.py -u zabbix <http://xx.xx.xx.xx:xxxx>
## Navigate ## Navigate
- navigate_Unauthenticated_Remote_Code_Execution #利用方法参考 https://www.exploit-db.com/exploits/45561/ - navigate_Unauthenticated_Remote_Code_Execution #利用方法参考 <https://www.exploit-db.com/exploits/45561/>
> moon.py -u navigate http://xx.xx.xx.xx:xxxx > moon.py -u navigate <http://xx.xx.xx.xx:xxxx>
## Gatepass ## Gatepass
- Gate Pass Management System 2.1 - 'login' SQL Injection #参考 https://www.exploit-db.com/exploits/45766/ - Gate Pass Management System 2.1 - 'login' SQL Injection # 参考 <https://www.exploit-db.com/exploits/45766/>
> moon.py -u gatepass http://xx.xx.xx.xx:xxxx > moon.py -u gatepass <http://xx.xx.xx.xx:xxxx>
## Jboss ## Jboss
@@ -79,19 +80,19 @@
- Checking web-console - Checking web-console
- Checking jmx-console - Checking jmx-console
- JMXInvokerServlet - JMXInvokerServlet
- 此模块调用的是 #jexboss - 此模块调用的是 # jexboss
> moon.py -u jboss http://xx.xx.xx.xx:xxxx > moon.py -u jboss <http://xx.xx.xx.xx:xxxx>
## Kindeditor ## Kindeditor
- kindeditor<=4.1.5文件上传漏洞 - kindeditor<=4.1.5文件上传漏洞
> moon.py -u kindeditor http://xx.xx.xx.xx:xxxx/kidneditor-4.1.5 > moon.py -u kindeditor <http://xx.xx.xx.xx:xxxx/kidneditor-4.1.5>
## Drupal ## Drupal
- Drupal < 7.32 Drupalgeddon SQL注入漏洞CVE-2014-3704 - Drupal < 7.32 Drupalgeddon SQL注入漏洞CVE-2014-3704
- Drupal Drupalgeddon 2远程代码执行漏洞CVE-2018-7600 # https://github.com/a2u/CVE-2018-7600/blob/master/exploit.py - Drupal Drupalgeddon 2远程代码执行漏洞CVE-2018-7600 # <https://github.com/a2u/CVE-2018-7600/blob/master/exploit.py>
> moon.py -u drupal http://xxx.xxx.xxx.xxx:xxxx > moon.py -u drupal <http://xxx.xxx.xxx.xxx:xxxx>

3
weblogic/CVE_2017_10271.py
View File

@@ -1,12 +1,9 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import sys
import requests import requests
import time
from random import * from random import *
import string import string
''' '''
Usage: Usage:
moon.py -u weblogic http://127.0.0.1:7001 moon.py -u weblogic http://127.0.0.1:7001

5
weblogic/CVE_2018_2628.py
View File

@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# 原作者:xxlegend # 原作者: xxlegend
import socket import socket
import time import time
import re import re
@@ -68,4 +68,7 @@ if __name__=="__main__":
dip = sys.argv[1] dip = sys.argv[1]
dport = int(sys.argv[2]) dport = int(sys.argv[2])
print 'Test Address:', dip, dport print 'Test Address:', dip, dport
try:
run(dip,dport,0) run(dip,dport,0)
except:
print(dport,dip,'is not vul.')

185
weblogic/CVE_2019_2725.py Normal file
View File

File diff suppressed because one or more lines are too long

2
weblogic/Main_weblogic.py
View File

@@ -1,4 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import weblogic.CVE_2019_2725
import weblogic.CVE_2017_10271 import weblogic.CVE_2017_10271
import weblogic.ssrf import weblogic.ssrf
import weblogic.weblogic_weakpasswd import weblogic.weblogic_weakpasswd
@@ -11,6 +12,7 @@ def exec(URL):
weblogic.CVE_2017_10271.attack(URL) weblogic.CVE_2017_10271.attack(URL)
weblogic.ssrf.attack(URL) weblogic.ssrf.attack(URL)
weblogic.weblogic_weakpasswd.attack(URL) weblogic.weblogic_weakpasswd.attack(URL)
weblogic.CVE_2019_2725.attack(URL+'/')
print('[+]开始检测-Weblogic-CVE-2018-2628。[+]') print('[+]开始检测-Weblogic-CVE-2018-2628。[+]')
#切换工作路径 #切换工作路径