Vulnerability Product: ShuiZe_0x727 v1.0
Vulnerability version: v1.0
Vulnerability type: Config Command Execute
Vulnerability Details:
Vulnerability location: ShuiZe_0x727/ShuiZe.py -> func: get_GitSensitiveInfo, ShuiZe_0x727/Plugins/infoGather/Intranet/scanPort/scanPort.py -> var: _web_ports
Users may be guided to set the config /ShuiZe_0x727/iniFile/config.ini. Data from the unsafe config /ShuiZe_0x727/iniFile/config.ini is not checked before variables are evaluated with eval in ShuiZe_0x727/ShuiZe.py -> func: get_GitSensitiveInfo and ShuiZe_0x727/Plugins/infoGather/Intranet/scanPort/scanPort.py -> var: _web_ports, which causes command execution.
payload:
'connect' if __import__('os').system('echo 触发成功') else 'connect'
PROOF:
Users need to set /ShuiZe_0x727/iniFile/config.ini -> var: GITHUB_TOKEN to trigger this vulnerability (or they download an entire unsafe /ShuiZe_0x727/iniFile/config.ini that contains github_token and the payload directly).
First, append a payload to the list: /ShuiZe_0x727/iniFile/config.ini -> var: github_keywords
Second, run ShuiZe
example:
python3 ShuiZe.py -d steam.com
Third, you can see that it successfully ran the cmd:
echo 触发成功
This proves Config Command Execute.
discovered by leeya_bug
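
A mitigation sketch for the eval-on-config pattern reported above, added here as an example and not taken from the ShuiZe code base: list-valued settings are parsed with ast.literal_eval and type-checked, so the reported expression is rejected instead of executed. The section names `github` and `ports` and the `web_ports` key are assumptions; `github_keywords` is the key named in the report.

```python
import ast
import configparser

# Constructed sample config. Section names and the web_ports key are assumptions;
# github_keywords and the injected expression are the ones reported on this page.
SAMPLE_INI = """
[github]
github_keywords = ['jdbc:', 'password', 'connect' if __import__('os').system('echo 触发成功') else 'connect']
[ports]
web_ports = [80, 443, 8080]
"""

def load_list(cp, section, key, item_type):
    """Parse a list-valued setting without evaluating code.

    ast.literal_eval accepts only Python literals, so calls, imports and
    conditional expressions raise an error instead of running.
    """
    raw = cp.get(section, key)
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"{section}.{key}: not a plain literal") from exc
    if not isinstance(value, list) or not all(type(v) is item_type for v in value):
        raise ValueError(f"{section}.{key}: expected list of {item_type.__name__}")
    return value

def load_settings(ini_text):
    """Return (settings, errors); rejected keys are reported, never evaluated."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    wanted = {("github", "github_keywords"): str, ("ports", "web_ports"): int}
    settings, errors = {}, {}
    for (section, key), item_type in wanted.items():
        try:
            settings[key] = load_list(cp, section, key, item_type)
        except ValueError as exc:
            errors[key] = str(exc)
    return settings, errors

if __name__ == "__main__":
    print(load_settings(SAMPLE_INI))
```
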