xray poc 扫描器
简介 xray poc 发生了一次改版。导致之前的poc引擎不能使用。正好之前工作做过这方面的工作,重新写了一版xray poc v2版本的poc解析工具。 xray v2版格式:docsxraycool/#/guide/poc/v2 特此开源出来,希望能和研究这方面技术的师傅多交流。 使用 编译 go build -x -ldflags "-s -w" -o xray_poc
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache ofbiz |