vulcat-v1.1.3
2022.09.05
vulcat-v1.1.3
- 新增POC
- Apache httpd 2.4.48 mod_proxy SSRF (CVE-2021-40438)
- Apache httpd 2.4.49 路径遍历 (CVE-2021-41773)
- Apache HTTP Server 2.4.50 路径遍历 (CVE-2021-42013)
- influxdb 未授权访问 (暂无编号)
- jetty 模糊路径信息泄露 (CVE-2021-28164)
- jetty Utility Servlets ConcatServlet 双重解码信息泄露 (CVE-2021-28169)
- jetty 模糊路径信息泄露 (CVE-2021-34429)
- Jupyter 未授权访问 (暂无编号)
- mini_httpd 任意文件读取 (CVE-2018-18778)
- Nexus Repository Manager 3 远程命令执行 (CVE-2019-7238)
- Nexus Repository Manager 3 远程命令执行 (CVE-2020-10199)
- Nexus Repository Manager 3 远程命令执行 (CVE-2020-10204)
- Nexus Repository Manager 2 yum插件 远程命令执行 (CVE-2019-5475)
- Nexus Repository Manager 2 yum插件 二次远程命令执行 (CVE-2019-15588)
-
新增参数
--auth: 添加Authorization (如: --auth "Basic YWRtaW46YWRtaW4=")
--socks4-proxy: socks4代理 (如: --socks4-proxy 127.0.0.1:8080)
--socks5-proxy: socks5代理 (如: --socks5-proxy 127.0.0.1:8080 或 admin:123456@127.0.0.1:8080) -
优化部分POC
- new POC:
- Apache httpd 2.4.48 mod_proxy SSRF (CVE-2021-40438)
- Apache httpd 2.4.49 Directory traversal (CVE-2021-41773)
- Apache HTTP Server 2.4.50 Directory traversal (CVE-2021-42013)
- influxdb unAuthorized (暂无编号)
- jetty Disclosure information (CVE-2021-28164)
- jetty Utility Servlets ConcatServlet Disclosure information (CVE-2021-28169)
- jetty Disclosure information (CVE-2021-34429)
- Jupyter unAuthorized (暂无编号)
- mini_httpd FileRead (CVE-2018-18778)
- Nexus Repository Manager 3 Remote code execution (CVE-2019-7238)
- Nexus Repository Manager 3 Remote code execution (CVE-2020-10199)
- Nexus Repository Manager 3 Remote code execution (CVE-2020-10204)
- Nexus Repository Manager 2 yum Remote code execution (CVE-2019-5475)
- Nexus Repository Manager 2 yum Remote code execution (CVE-2019-15588)
-
New parameters:
--auth: add Authorization (e.g. --auth "Basic YWRtaW46YWRtaW4=")
--socks4-proxy: socks4 Proxy (e.g. --socks4-proxy 127.0.0.1:8080)
--socks5-proxy: socks5 Proxy (e.g. --socks5-proxy 127.0.0.1:8080 or admin:123456@127.0.0.1:8080) -
Optimized partial POC