vulcat-v1.1.4
2022.10.10
vulcat-v1.1.4
- 新POC:
- Apache SkyWalking SQL注入(CVE-2020-9483)
- Solr 远程命令执行(CVE-2017-12629)
- Solr Velocity 注入远程命令执行(CVE-2019-17558)
- phpMyadmin Scripts/setup.php 反序列化(WooYun-2016-199433)
- phpMyadmin 4.8.1 远程文件包含(CVE-2018-12613)
- PHPUnit 远程代码执行(CVE-2017-9841)
- Spring Security OAuth2 远程命令执行(CVE-2016-4977)
- Spring Data Rest 远程命令执行(CVE-2017-8046)
- Spring Data Commons 远程命令执行(CVE-2018-1273)
- 新功能:
- --list已经支持英文,可通过使用“python vulcat.py --list”查看英文的漏洞列表(vulcat默认语言改为英文,可以修改文件vulcat/lib/initial/language.py进行语言的切换)
- New POC:
- Apache SkyWalking SQLinject (CVE-2020-9483)
- Solr Remote Command Execution (CVE-2017-12629)
- Solr Remote Code Execution Via Velocity Custom Template (CVE-2019-17558)
- phpMyAdmin Scripts/setup.php Deserialization (WooYun-2016-199433)
- phpMyAdmin 4.8.1 Remote File Inclusion (CVE-2018-12613)
- PHPUnit Remote Command Execution (CVE-2017-9841)
- Spring Security OAuth2 Remote Command Execution (CVE-2016-4977)
- Spring Data Rest Remote Command Execution (CVE-2017-8046)
- Spring Data Commons Remote Command Execution (CVE-2018-1273)
- New features:
- --list already supports English, you can view the list of vulnerabilities in English by using "python vulcat.py --list" (the default language of vulcat is changed to English, and the file vulcat/lib/initial/language.py can be modified for language switching)