0x727 / FingerprintHub

Fingerprint library for ObserverWard (侦查守卫)
https://0x727.github.io/FingerprintHub/
MIT License
1.01k stars 188 forks

Modify fingerprint - [apache-struts] #102

Closed j4vaovo closed 1 year ago

j4vaovo commented 1 year ago

Test target

http://123.60.216.124:8080/YIYUAN/

YAML rule for the fingerprint

```yaml
name: apache-struts
priority: 1
nuclei_tags:
  - - struts
fingerprint:
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers:
      Location: /index.action
    keyword: []
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers:
      Location: /login.action
    keyword: []
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers: {}
    keyword:
      - ="struts.token.name"
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers: {}
    keyword:
      - <form action="login.action" method="post
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers: {}
    keyword:
      - <form action="/login.action" method="post
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers: {}
    keyword:
      - content="Struts2 Showcase for Apache Struts Project"
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers: {}
    keyword:
      - struts problem report
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers: {}
    keyword:
      - there is no action mapped for namespace
    favicon_hash: []
  - path: /
    request_method: get
    request_headers: {}
    request_data: ''
    status_code: 0
    headers: {}
    keyword:
      - no result defined for action and result input
    favicon_hash: []
```

github-actions[bot] commented 1 year ago

Verification process:


```bash
URL: http://123.60.216.124:8080/YIYUAN/
HEADERS:
server: Apache-Coyote/1.1
set-cookie: JSESSIONID=E8185CA8752E2C86259AD1A1FA952C04; Path=/YIYUAN; HttpOnly
content-type: text/html;charset=UTF-8
transfer-encoding: chunked
date: Mon, 08 May 2023 06:25:25 GMT
STATUS_CODE: 200
TEXT:
一缘煤业库房管理系统

由于当前浏览器版本过低不支持最新h5皮肤,您可以下载登录系统
FAVICON:
{
    "http://123.60.216.124:8080/YIYUAN/portal/share/images/logo/logo32x32.ico;jsessionid=E8185CA8752E2C86259AD1A1FA952C04": "aba286a276641d19b93988470770c789",
    "http://123.60.216.124:8080/favicon.ico": "4644f2d45601037b8423d45e13194c93",
}
Matching fingerprintV3WebFingerPrint {
    name: "apache-struts",
    priority: 1,
    request: WebFingerPrintRequest {
        path: "/",
        request_method: "get",
        request_headers: {},
        request_data: "",
    },
    match_rules: WebFingerPrintMatch {
        status_code: 0,
        favicon_hash: [],
        headers: {},
        keyword: [
            "=\"struts.token.name\"",
        ],
    },
}
```

Verification result:

github-actions[bot] commented 1 year ago

Review passed: