We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
我在实际使用中发现下面几个POC容易误报
poc中判断规则宽泛
我看了reference中的链接
https://github.com/Luci4n555/cve_ectouch/blob/dc8d8bb0110151fd57e64c4290962d65e0e9f6f5/poc.py#L25
应该写成下面的会比较好
response.status == 200 && "XPATH syntax error: '~(.*)~'".bmatches(response.body)
只判断了Token和id显然也是太宽泛了, 这些字符串还挺常见的
Token
id
可能得配合header或者其他关键字
只判断了Microsoft SQL Server
Microsoft SQL Server
tenda-downloadcfg-leak
The text was updated successfully, but these errors were encountered:
No branches or pull requests
我在实际使用中发现下面几个POC容易误报
CVE-2023-39560
poc中判断规则宽泛
我看了reference中的链接
https://github.com/Luci4n555/cve_ectouch/blob/dc8d8bb0110151fd57e64c4290962d65e0e9f6f5/poc.py#L25
应该写成下面的会比较好
response.status == 200 && "XPATH syntax error: '~(.*)~'".bmatches(response.body)easycvr-default-password
只判断了
Token和id显然也是太宽泛了, 这些字符串还挺常见的可能得配合header或者其他关键字
chanjet-tplus-checkpassword-sqli
只判断了
Microsoft SQL Servertenda-downloadcfg-leak
The text was updated successfully, but these errors were encountered: