daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update antsword-backdoor.yaml

patch-1
Prince Chaddha 2022-02-01 01:52:39 +05:30 committed by GitHub
parent e5a77aa803
commit e1b8bf3da2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
vulnerabilities/other/antsword-backdoor.yaml
View File

@ -1,13 +1,12 @@
id: antsword-backdoor id: antsword-backdoor
info: info:
name: AntSword_bypass_disable_functions_shell name: Antsword backdook
author: ffffffff0x author: ffffffff0x
severity: critical severity: critical
description: | description: 蚁剑「绕过 disable_functions」插件生成的 shell
蚁剑「绕过 disable_functions」插件生成的 shell
reference: https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9 reference: https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9
tags: backdoor tags: backdoor,antsword
requests: requests:
- method: POST - method: POST
@ -15,25 +14,15 @@ requests:
- "{{BaseURL}}/.antproxy.php" - "{{BaseURL}}/.antproxy.php"
headers: headers:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
body: 'ant=phpinfo();' body: 'ant=echo md5("antproxy.php");'
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body
words: words:
- "PHP Extension" - "951d11e51392117311602d0c25435d7f"
- "PHP Version"
- "Zend"
- "探针"
condition: or
- type: status - type: status
status: status:
- 200 - 200
extractors:
- type: regex
part: body
group: 1
regex:
- '>PHP Version <\/td><td class="v">([0-9.]+)'