29 lines
677 B
YAML
29 lines
677 B
YAML
id: antsword-backdoor
|
|
|
|
info:
|
|
name: Antsword backdook
|
|
author: ffffffff0x
|
|
severity: critical
|
|
description: 蚁剑「绕过 disable_functions」插件生成的 shell
|
|
reference: https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9
|
|
tags: backdoor,antsword
|
|
|
|
requests:
|
|
- method: POST
|
|
path:
|
|
- "{{BaseURL}}/.antproxy.php"
|
|
headers:
|
|
Content-Type: application/x-www-form-urlencoded
|
|
body: 'ant=echo md5("antproxy.php");'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "951d11e51392117311602d0c25435d7f"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|