# exp

**Repository Path**: ahicode/exp

## Basic Information

- **Project Name**: exp
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-09-16
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Middleware-Vulnerability-detection

***

# Continuously updated collection of the more usable recent vulnerability EXPs, for authorized penetration testing only

On 2020.4.18 two partners joined to help maintain the project:

[@caizhuang](https://github.com/caizhuang) 🍺🍺🍺
[@3ndz](https://github.com/3ndz) 🍺🍺🍺

---

![image](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/blob/master/pic/back.jpg)

## Apache

- [2019 Apache-flink unauthorized access arbitrary](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Apache/Apache-flink%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E4%BB%BB%E6%84%8Fjar%E5%8C%85%E4%B8%8A%E4%BC%A0%E5%8F%8D%E5%BC%B9shell)
- [2019 CVE-2019-0193 Apache-Solr via Velocity template RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Apache/CVE-2019-0193%20Apache-Solr%20via%20Velocity%20template%20RCE)
- [2020.3 CVE-2019-17564 Apache-Dubbo deserialization vulnerability](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Apache/CVE-2019-17564%20Apache-Dubbo%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E)
- [2020.7 CVE-2020-13925 Apache Kylin remote command execution vulnerability](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Apache/CVE-2020-13925%20Apache%20Kylin%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E)

## Cacti

- [2020.2 CVE-2020-8813 Cacti v1.2.8 RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Cacti/CVE-2020-8813%20Cacti%20v1.2.8%20RCE)

## Citrix

- [2020.1 Citrix Application Delivery Controller and Citrix Gateway RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Citrix/CVE-2019-19781%20Citrix%20Application%20Delivery%20Controller%E5%92%8CCitrix%20Gateway%E7%9A%84RCE)

## Exchange

- [2020.3 CVE-2020-0688 Exchange RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Exchange/CVE-2020-0688%20Exchange%20Rce)

## F5 BIG-IP

- [2020.7 CVE-2020-5902 F5 BIG-IP TMUI remote code execution vulnerability](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/F5%20BIG-IP/CVE-2020-5902%20F5%20BIG-IP%20TMUI%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E)

## Fastjson

- [2020 Fastjson RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Fastjson/Fastjson%E5%90%84%E7%89%88%E6%9C%AC%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E6%B1%87%E6%80%BB)

## FusionAuth

- [2020.2 CVE-2020-7799 FusionAuth 1.10 RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/FusionAuth/CVE-2020-7799)

## Harbor

- [2019 CVE-2019-16097 arbitrary administrator registration vulnerability](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Harbor/CVE-2019-16097%20%E4%BB%BB%E6%84%8F%E7%AE%A1%E7%90%86%E5%91%98%E6%B3%A8%E5%86%8C%E6%BC%8F%E6%B4%9E)

## Intellian-Aptus-Web

- [2020.2 CVE-2020-7980 Intellian Aptus Web 1.24 RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Intellian-Aptus-Web/CVE-2020-7980)

## Jira

- [2019 CVE-2019-8449 JIRA information disclosure](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Jira/CVE-2019-8449%20JIRA%20信息泄漏)

## Joomla

- [2019 Joomla-3.4.6-RCE.py](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Joomla)

## Kibana

- [2019 CVE-2019-7609 Kibana Timelion visualizer command execution](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Kibana/CVE-2019-7609)

## Liferay

- [2020.3 CVE-2020-7961 Liferay Portal JSON Web Service RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Liferay/CVE-2020-7961%20Liferay%20Portal%20JSON%20Web%20Service%20RCE)

## Meta CRM

- [2019 Meta CRM arbitrary file upload](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Meta%20CRM/任意文件上传)

## Microsoft Dynamics Business Central

- [2020.4 CVE-2020-0905 Dynamics Business Central remote code execution vulnerability](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Dynamics%20Business%20Central/CVE-2020-0905)

## ModSecurity

- [2020.1 CVE-2019-19886 ModSecurity DOS](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/ModSecurity/CVE-2019-19886%20ModSecurity%20DOS)

## Mongo

- [2020.1 CVE-2019-10758 mongo-express RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Mongo/CVE-2019-10758%20mongo-express%20RCE)

## Nexus

- [2020.3 CVE-2020-10199 Nexus Repository Manager 3 RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Nexus/CVE-2020-10199%20Nexus%20Repository%20Manager%203%20表达式解析漏洞%20RCE)
- [2020.3 CVE-2020-10204 Nexus Repository Manager 3 RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Nexus/CVE-2020-10199%20Nexus%20Repository%20Manager%203%20表达式解析漏洞%20RCE)

## Open-AudIT

- [2020.4 CVE-2020-12078 Open-AudIT v3.3.1 RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Open-AudIT/CVE-2020-12078%20Open-AudIT%20v3.3.1%20RCE)

## PHP-FPM

- [2019 CVE-2019-11043 nginx+php-fpm RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/PHP-FPM/CVE-2019-11043)

## phpMyadmin

- [2020.1 CVE-2020-0554 phpMyadmin admin-panel SQL injection](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/phpMyadmin/CVE-2020-0554)

## phpStudy

- [2019 phpStudy RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/phpStudy/phpStudy%20RCE)

## SaltStack

- [2020.5 CVE-2020-11651, CVE-2020-11652 SaltStack remote command execution vulnerability](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/SaltStack/CVE-2020-11651%E3%80%81CVE-2020-11652%20SaltStack%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E)

## Sangfor

- [2020.8 Sangfor EDR remote command execution vulnerability](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Sangfor/EDR)

## SAP

- [2020.7 CVE-2020-6287 SAP NetWeaver AS JAVA arbitrary administrator addition](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/SAP/CVE-2020-6287%20SAP%20NetWeaver%20AS%20JAVA%20%E4%BB%BB%E6%84%8F%E7%AE%A1%E7%90%86%E5%91%98%E6%B7%BB%E5%8A%A0)

## seeyon

- [2019 Seeyon OA (致远OA) RCE arbitrary file write](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/seeyon/致远OA%20RCE)

## Spring Cloud

- [2020.3 CVE-2020-5405 Spring Cloud Config directory traversal](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Spring%20Cloud/CVE-2020-5405%20Spring%20Cloud%20Config%20目录穿越)
- [2020.6 CVE-2020-5410 Spring Cloud Config directory traversal](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Spring%20Cloud/CVE-2020-5410%20Spring%20Cloud%20Config%20%E7%9B%AE%E5%BD%95%E7%A9%BF%E8%B6%8A)

## SQL Server

- [2020.3 CVE-2020-0618 RCE in SQL Server Reporting Services](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/blob/master/SQL%20Server/CVE-2020-0618/README.MD)

## Shiro

- [2016 & 2019 CVE-2016-4437 Shiro550 & Shiro721 RememberMe Padding Oracle](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Shiro/CVE-2016-4437%20Shiro550%20%26%20Shiro721%20RememberMe%20Padding%20Oracle)

## ThinkCMF

- [2019 ThinkCMF framework arbitrary file inclusion](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/ThinkCMF/ThinkCMF框架任意文件包含)

## Tomcat

- [2020.2 CVE-2020-1938 Apache Tomcat file inclusion](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Tomcat/CVE-2020-1938)
- [2020.5 CVE-2020-9484 Apache Tomcat Session deserialization RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Tomcat/CVE-2020-9484%20Session%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20RCE)

## Vmware

- [2020.4 CVE-2020-3952 vCenter 6.7 user addition caused by information disclosure](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Vmware/CVE-2020-3952%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E5%AF%BC%E8%87%B4%E7%9A%84vCenter%206.7%20%E6%B7%BB%E5%8A%A0%E7%94%A8%E6%88%B7)

## Weblogic

- [2020.3 CVE-2020-2551 Weblogic RCE with IIOP](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Weblogic/CVE-2020-2551%20Weblogic%20RCE%20with%20IIOP/weblogicScanner)
- [2020.3 CVE-2020-2555 Oracle Coherence&WebLogic RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Weblogic/CVE-2020-2555%20Oracle%20Coherence%26WebLogic%20RCE)
- [2020.7 CVE_2015_4852-CVE_2020_2555 historical vulnerabilities GUI detection and exploitation](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Weblogic/CVE_2015_4852-CVE_2020_2555%20%E5%8E%86%E5%8F%B2%E6%BC%8F%E6%B4%9EGUI%E6%A3%80%E6%B5%8B%E5%88%A9%E7%94%A8)

## Zoho

- [2020.3 CVE-2020-10189 Zoho ManageEngine Desktop Central RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/Zoho/CVE-2020-10189%20Zoho%20ManageEngine%20Desktop%20Central%20RCE)

## Weaver (泛微) e-cology OA

- [2019 CNVD-2019-34241 SQL injection](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/泛微e-cology%20OA/CNVD-2019-34241%20SQL注入)
- [2019 Database configuration information disclosure](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/泛微e-cology%20OA/数据库配置信息泄露)
- [2019 Weaver (泛微) e-cology OA Beanshell component remote code execution](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/泛微e-cology%20OA/泛微e-cology%20OA%20Beanshell组件远程代码执行)

## 蜂网互联 enterprise router

- [2019 CVE-2019-16313 蜂网互联 enterprise router hash disclosure](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/蜂网互联企业级路由器/CVE-2019-16313)

## Tongda OA (通达OA)

- [2020.3 Tongda OA RCE via arbitrary file upload combined with file inclusion](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/通达OA/通达OA任意文件上传配合文件包含导致的RCE)
- [2020.4 Tongda OA arbitrary user login](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BE%20OA%20%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95)
- [2020.4 Tongda OA arbitrary user login combined with RCE getshell](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95%E9%85%8D%E5%90%88RCE%20getshell)
- [2020.8 Tongda OA variable overwrite leading to RCE](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20%E5%8F%98%E9%87%8F%E8%A6%86%E7%9B%96%E5%AF%BC%E8%87%B4%E7%9A%84RCE)

## BaoTa (宝塔)

- [2020.8 BaoTa database unauthorized access](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/tree/master/%E5%AE%9D%E5%A1%94/%E5%AE%9D%E5%A1%94%E6%95%B0%E6%8D%AE%E5%BA%93%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE)