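Scanning with fscan flagged poc-yaml-struts2_046-2. Judging from the PoC, it should be checking whether the response contains "struts2_security_check".

![image](https://user-images.githubusercontent.com/48286013/110941848-e61bee80-8373-11eb-93ff-50a0b0cbd75b.png)

Here I ran into a site that simply returns the invalid file name directly, as follows:

However, there does not appear to be a vulnerability here, so I feel this probably needs to be changed.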
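The hardcoding in this struts2-046-2 PoC is indeed somewhat problematic. struts2-046-1 is probably more accurate; struts2-046-2 splits the key string into separate pieces. It is meant as a supplement to s2-46-1. Later I will consider deleting it or changing the command-execution content.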
Because of the false-positive rate, only the s2-046-1 PoC has been kept; s2-046-2 has been removed for now: `.(#res.getWriter().print('struts2_security_')).(#res.getWriter().print('check'))`