nuclei v3.0.2 && update poc
SleepingBag945 committed Nov 1, 2023
1 parent 266e6f4 commit b0a49d0
Showing 7,819 changed files with 71,524 additions and 369,583 deletions.
4 changes: 2 additions & 2 deletions README.md
@@ -212,7 +212,7 @@ coco@Mac dalaodddd % ./dddd -h
\__,_| \__,_| \__,_| \__,_|
_|"""""|_|"""""|_|"""""|_|"""""|
"`-0-0-'"`-0-0-'"`-0-0-`"`-0-0-'
dddd.version: 1.2
dddd.version: 1.3
Usage of ./dddd:
-Pn
@@ -524,7 +524,7 @@ JDWP RCE
# 更新历史
2023HVV 漏洞正在更新
支持nuclei v3.0。新加85poc。干就完了!
[更新历史](Update.md)
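Review bot: The added line says nuclei v3.0, while the commit message and the Update.md entry in this same commit say the engine was synced to v3.0.2; state the exact engine version here so the two files agree. The "新加85poc" count does check out: the non-asterisked (newly added) entries across the v9.6.4, v9.6.5, v9.6.6 and v9.6.8 lists in Update.md come to 8 + 19 + 38 + 20 = 85, the asterisked entries being migrations of existing user templates to official ones rather than additions.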
232 changes: 232 additions & 0 deletions Update.md
@@ -1,5 +1,237 @@
# 更新日志



## 2023.11.1

**同步nuclei引擎至v3.0.2,方便支持nuclei官方最新模板。**

同步nuclei poc v9.6.4

其中以*打头的为从用户自定义模板更换工作流至nuclei官方的模板。

```
CVE-2023-41892 (CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution)
CVE-2023-39677 (PrestaShop MyPrestaModules - PhpInfo Disclosure)
CVE-2023-39676 (PrestaShop fieldpopupnewsletter Module - Cross Site Scripting)
CVE-2023-30943 (Moodle - Cross-Site Scripting/Remote Code Execution)
CVE-2023-25573 (Metersphere - Arbitrary File Read)
CVE-2023-22463 (KubePi JwtSigKey 登陆绕过漏洞)
CVE-2022-0342 (Zyxel - Authentication Bypass)
phpldapadmin-xss
*CNVD-C-2023-76801 (UFIDA NC uapjs - RCE vulnerability)
*CNVD-2022-43245 (Weaver OA XmlRpcServlet - Arbitary File Read)
*CNVD-2021-33202 (Weaver OA E-Cology LoginSSO.jsp - SQL Injection)
*chanjet-tplus-rce (Chanjet TPlus GetStoreWarehouseByStore - Remote Command Execution)
*landray-oa-sysSearchMain-editParam-rce
*landray-oa-treexml-rce
*aic-intelligent-password-exposure
*cloud-oa-system-sqli
*cmseasy-crossall-sqli
*comai-ras-cookie-bypass
*huiwen-bibliographic-info-leak
*sanhui-smg-file-read
*seeyon-oa-log4j
*zhixiang-oa-msglog-sqli
*secsslvpn-auth-bypass(奇xx VPN认证绕过)
*realor-gwt-system-sqli
*ruijie-nbr-fileupload.yaml
*sangfor-login-rce (应用交付)
*secgate-3600-file-upload
*seeyon-config-exposure
*seeyon-createmysql-exposure
*seeyon-initdata-exposure
*seeyon-oa-fastjson-rce
*seeyon-oa-setextno-sqli
*shiziyu-cms-apicontroller-sqli
*seeyon-oa-sp2-file-upload
*smartbi-deserialization
*jolokia-logback-jndi-rce
*tongda-action-uploadfile
*tongda-api-file-upload
*tongda-arbitrary-login
*tongda-contact-list-exposure
*tongda-getdata-rce
*tongda-getway-rfi
*tongda-insert-sqli
*tongda-login-code-authbypass
*tongda-meeting-unauth
*tongda-oa-swfupload-sqli
*tongda-report-func-sqli
*tongda-video-file-read
*topsec-topacm-rce
*topsec-topapplb-auth-bypass
*wanhu-documentedit-sqli
*wanhu-download-ftp-file-read
*wanhu-download-old-file-read
*wanhu-oa-fileupload-controller-arbitrary-file-upload
*wanhu-teleconferenceservice-xxe
*wanhuoa-officeserverservlet-file-upload
*wanhuoa-smartupload-file-upload
*ecology-jqueryfiletree-traversal
*ecology-verifyquicklogin-auth-bypass
*ecology-oa-byxml-xxe
*weaver-checkserver-sqli
*weaver-e-cology-validate-sqli
*weaver-e-mobile-rce
*weaver-ebridge-lfi
*weaver-ecology-bshservlet-rce
*weaver-ecology-getsqldata-sqli
*weaver-ecology-hrmcareer-sqli
*weaver-group-xml-sqli
*weaver-jquery-file-upload
*weaver-ktreeuploadaction-file-upload
*weaver-lazyuploadify-file-upload
*weaver-login-sessionkey
*weaver-mysql-config-info-leak
*weaver-office-server-file-upload
*weaver-officeserver-lfi
*weaver-signaturedownload-lfi
*weaver-sptmforportalthumbnail-lfi
*weaver-uploadify-file-upload
*weaver-uploadoperation-file-upload
*weaver-userselect-unauth
*wechat-info-leak
*chanjet-gnremote-sqli
*chanjet-tplus-checkmutex-sqli
*chanjet-tplus-file-read (Downloadproxy)
*chanjet-tplus-fileupload
*chanjet-tplus-ufida-sqli
*grp-u8-uploadfiledata-fileupload
*yonyou-fe-directory-traversal
*yonyou-filereceiveservlet-fileupload
*yonyou-grp-u8-xxe
*yonyou-nc-accept-fileupload
*yonyou-nc-baseapp-deserialization
*yonyou-nc-dispatcher-fileupload
*yonyou-nc-grouptemplet-fileupload
*yonyou-nc-info-leak
*yonyou-nc-ncmessageservlet-rce
*yonyou-u8-crm-fileupload
*yonyou-u8-crm-lfi
*dlink-centralized-default-login
*o2oa-default-login
*aruba-instant-default-login
*ciphertrust-default-login
*cnzxsoft-default-login
*supershell-default-login
*seeyon-a8-default-login
*seeyon-monitor-default-login
*smartbi-default-login
*ac-weak-login (wayos)
```



同步nuclei poc v9.6.5

```
CVE-2023-43261 (Milesight Routers - Information Disclosure)
CVE-2023-42793 (JetBrains TeamCity < 2023.05.4 - Remote Code Execution)
CVE-2023-42442 (JumpServer > 3.6.4 - Information Disclosure)
CVE-2023-37474 (Copyparty <= 1.8.2 - Directory Traversal)
CVE-2023-36845 (Juniper J-Web - Remote Code Execution)
CVE-2023-35813 (Sitecore - Remote Code Execution)
CVE-2023-34259 (Kyocera TASKalfa printer - Path Traversal)
CVE-2023-33831 (FUXA - Unauthenticated Remote Code Execution)
CVE-2023-31465 (TimeKeeper by FSMLabs - Remote Code Execution)
CVE-2023-30013 (TOTOLink - Unauthenticated Command Injection)
CVE-2023-29357 (Microsoft SharePoint - Authentication Bypass)
CVE-2023-22515 (Atlassian Confluence - Privilege Escalation)
CVE-2023-5074 (D-Link D-View 8 v2.0.1.28 - Authentication Bypass)
CVE-2023-4568 (PaperCut NG Unauthenticated XMLRPC Functionality)
CVE-2023-2766 (Weaver OA 9.5 - Information Disclosure)
xploitspy-default-login
mercurial-hgignore
sangfor-nextgen-lfi
yonyou-u8-sqli (Yonyou U8 bx_historyDataCheck - SQL Injection)
*CVE-2022-25568 (MotionEye Config Info Disclosure)
```



同步nuclei poc v9.6.6

```
CVE-2022-47075 (Smart Office Web 20.28 - Information Disclosure)
CVE-2023-40779 (IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect)
CVE-2023-39110 (rConfig 3.9.4 - Server-Side Request Forgery)
CVE-2023-39109 (rConfig 3.9.4 - Server-Side Request Forgery)
CVE-2023-39108 (rConfig 3.9.4 - Server-Side Request Forgery)
CVE-2023-34756 (Bloofox v0.5.2.1 - SQL Injection)
CVE-2023-34755 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2023-34753 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2023-34752 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2023-34751 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2021-29006 (rConfig 3.9.6 - Local File Inclusion)
CVE-2023-4974 (Academy LMS 6.2 - SQL Injection)
CVE-2023-3710 (Honeywell PM43 Printers - Command Injection)
CVE-2023-0947 (Flatpress < 1.3 - Path Traversal)
CVE-2023-0777 (modoboa 2.0.4 - Admin TakeOver)
CVE-2021-41749 (CraftCMS SEOmatic - Server-Side Template Injection)
CVE-2020-13638 (rConfig 3.9 - Authentication Bypass(Admin Login))
CVE-2020-13851 (Artica Pandora FMS 7.44 - Remote Code Execution)
CVE-2020-6950 (Eclipse Mojarra - Local File Read)
CVE-2018-7282 (TITool PrintMonitor - Blind SQL Injection)
joomla-com-booking-component
joomla-iproperty-real-estate-xss
joomla-joombri-careers-xss
joomla-jvtwitter-xss
joomla-marvikshop-sqli
joomla-marvikshop-xss
joomla-solidres-xss
doorgets-info-disclosure
kingsoft-vgm-lfi
sound4-impact-auth-bypass
sound4-impact-password-auth-bypass
stackposts-sqli
servicenow-widget-misconfig
batflat-default-login
etl3100-default-login
rconfig-default-login
timekeeper-default-login
wazuh-default-login
```



nuclei poc v9.6.7 无可同步poc



同步nuclei poc v9.6.8

```
CVE-2023-46747 (F5 BIG-IP - Unauthenticated RCE via AJP Smuggling)
CVE-2023-45852 (Viessmann Vitogate 300 - Remote Code Execution)
CVE-2023-37679 (NextGen Mirth Connect - Remote Code Execution)
CVE-2023-4966 (Citrix Bleed - Leaking Session Tokens)
CVE-2022-36553 (Hytec Inter HWL-2511-SS - Remote Command Execution)
tiny-file-manager-unauth
opache-control-panel (Opache control Panel - Unauthenticated Access)
cisco-broadworks-log4j-rce
citrix-xenapp-log4j-rce
f-secure-policymanager-log4j-rce
flexnet-log4j-rce
fortiportal-log4j-rce
livebos-file-read
logstash-log4j-rce
okta-log4j-rce
papercut-log4j-rce
openshift-log4j-rce
pega-log4j-rce
splunk-enterprise-log4j-rce
symantec-sepm-log4j-rce
```



嘎了nuclei ignore找不到的报错



## 2023.9.16

同步nuclei引擎 **v2.9.14**
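Review bot: The sentence explaining that entries prefixed with * are user-defined templates whose workflow was switched to the official nuclei template sits only under the v9.6.4 list, but the v9.6.5 list also uses the convention (*CVE-2022-25568), so move that explanation above the first list or repeat it wherever the prefix appears. Two smaller points: *ruijie-nbr-fileupload.yaml carries a .yaml suffix unlike every other entry, and the closing line 嘎了nuclei ignore找不到的报错 records that the "nuclei ignore not found" error was fixed without saying what changed; if the related change is the dropped options.CustomConfigDir override in callnuclei.go, a one-line note to that effect would help anyone hitting the error on an older checkout.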
23 changes: 7 additions & 16 deletions common/callnuclei/callnuclei.go
@@ -2,7 +2,7 @@ package callnuclei

import (
"fmt"
"github.com/projectdiscovery/nuclei/v2/pkg/output"
"github.com/projectdiscovery/nuclei/v3/pkg/output"
"os"
"os/signal"
"runtime"
@@ -12,11 +12,11 @@ import (
"github.com/projectdiscovery/goflags"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/gologger/levels"
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
"github.com/projectdiscovery/nuclei/v2/pkg/exportrunner"
"github.com/projectdiscovery/nuclei/v2/pkg/operators/common/dsl"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
"github.com/projectdiscovery/nuclei/v2/pkg/utils/monitor"
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
"github.com/projectdiscovery/nuclei/v3/pkg/exportrunner"
"github.com/projectdiscovery/nuclei/v3/pkg/operators/common/dsl"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
"github.com/projectdiscovery/nuclei/v3/pkg/utils/monitor"
errorutil "github.com/projectdiscovery/utils/errors"
fileutil "github.com/projectdiscovery/utils/file"
)
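Review bot: The import path bump from nuclei/v2 to nuclei/v3 is consistent within this file and in common/report/report.go, but go.mod is not among the files loaded in this view (only the first 3000 of 7,819 are shown), so confirm the require line was bumped as well and that no other file still imports a v2 package; v2 and v3 types such as output.ResultEvent are distinct, and mixing them will not compile. Style point: in the first hunk the nuclei/v3/pkg/output import sits inside the standard-library group between "fmt" and "os"; goimports would move it down into the third-party group with the other projectdiscovery packages.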
@@ -31,6 +31,7 @@ func CallNuclei(TargetAndPocsName map[string][]string,
proxy string,
callBack func(result output.ResultEvent),
nameForSearch string) []output.ResultEvent {

// 设置结果回调
output.AddResultCallback = callBack
if err := exportrunner.ExportRunnerConfigureOptions(); err != nil {
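Review bot: output.AddResultCallback is a package-level variable, so this assignment at the top of CallNuclei is process-wide and shared by every caller; the new 设置结果回调 comment should state that CallNuclei must not be invoked concurrently with different callbacks, or better, the callback should be carried in the options rather than set on a global.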
@@ -88,13 +89,6 @@ func CallNuclei(TargetAndPocsName map[string][]string,
for range c {
gologger.Info().Msgf("CTRL+C pressed: Exiting\n")
nucleiRunner.Close()
if options.ShouldSaveResume() {
gologger.Info().Msgf("Creating resume file: %s\n", resumeFileName)
err := nucleiRunner.SaveResumeConfig(resumeFileName)
if err != nil {
gologger.Error().Msgf("Couldn't create resume file: %s\n", err)
}
}
os.Exit(1)
}
}()
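Review bot: Removing the ShouldSaveResume / SaveResumeConfig block means Ctrl+C now exits without writing a resume file; that is a behaviour change the Update.md entry in this commit does not mention, so either record it there or, if resume is intentionally unsupported from now on, also drop the resumeFileName variable and any resume-related options that are now dead.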
@@ -372,9 +366,6 @@ func readConfig(TargetAndPocsName map[string][]string, proxy string, nameForSear
// 源IP
options.SourceIP = ""

// 重写默认配置路径($home/.config)
options.CustomConfigDir = ""

// 最大读取响应大小(默认:10 * 1024 * 1024字节)
options.ResponseReadSize = 10 * 1024 * 1024

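Review bot: Dropping options.CustomConfigDir = "" changes where the engine looks for its config and ignore file: the removed comment says the override replaced the default $home/.config path, and without it nuclei v3 falls back to its own default config directory. If this is what fixed the "nuclei ignore not found" error noted in Update.md, say so in the changelog, and note the new location for users who relied on the old one.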
2 changes: 1 addition & 1 deletion common/flag.go
@@ -39,7 +39,7 @@ func showBanner() {
\__,_| \__,_| \__,_| \__,_|
_|"""""|_|"""""|_|"""""|_|"""""|
"` + "`" + `-0-0-'"` + "`" + `-0-0-'"` + "`" + `-0-0-` + "`" + `"` + "`" + `-0-0-'
dddd.version: 1.2
dddd.version: 1.3
`
fmt.Println(banner)
}
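Review bot: The version string 1.3 is hard-coded inside the banner literal here and duplicated verbatim in the README usage block changed in this same commit, so every release needs two manual edits that can drift apart; pull it into a single exported constant (e.g. Version = "1.3") and interpolate it into the banner with fmt.Sprintf, which also makes the value available to reports and logs.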
4 changes: 2 additions & 2 deletions common/report/report.go
@@ -3,8 +3,8 @@ package report
import (
"dddd/structs"
"fmt"
"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
"github.com/projectdiscovery/nuclei/v2/pkg/output"
"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
"github.com/projectdiscovery/nuclei/v3/pkg/output"
"os"
"strconv"
"strings"