-
In testing, the tool fails to detect CVE-2022-22963 and CVE-2022-22965,
but it does detect CVE-2022-22947.
![image](https://github.com/zan8in/afrog/assets/66772820/c7323467-6bf4-44ee-96fc-c06be6aaceea)
-
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
- No.
**Describe the solution you…
-
-
Spring Cloud Gateway CVE-2022-22947 injection failed (using Suo5WebFluxSpEL.txt directly). The relevant error log is below; could you please help take a look at what the cause is:
2024-09-25 00:36:52.004 ERROR 12860 --- [ctor-http-nio-2] o.s.c.gateway.route.CachingRouteLocator : Refre…
-
The latest version of spring-cloud-gateway-server is fixed; we need an older version.
```
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-gateway-server</artifactId>
    <version>3.0.6</version>
</dependency>
```
-
**What happened**: grype shows all packages
```shell
grype openjdk:8 --only-fixed
```
Result (Click me)
```shell
✔ Vulnerability DB [no update available]
✔ Loaded image
✔ Parsed…
-
## Why you need it?
Is your feature request related to a problem? Please describe in details
- This is actually an extension of #6686 and https://github.com/oracle/graalvm-reachability-metadata/i…
-
Critical vulnerabilities in Docker image phpmyadmin:5.1.1
Maybe you should add a "vulnerability bot" or something to check that periodically.
https://github.com/anchore/grype
```
grype phpm…
-
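Your vulnerability detection logic visits the registered hacktest route and reads the echoed output of the id command, but this only applies to Linux systems. I see you have a built-in payload2 for executing whoami, but there is no vulnerability detection logic for Windows; if Spring Cloud Gateway is deployed on Windows, the vulnerability will be misreported.
Also, your logic only deletes the registered hacktest route when the echoed output of id is read: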
if ('uid=' in str(re…
zy696 updated
3 months ago
-
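I tried it out and it is decent, but there are a few problems.
I hope they can be improved.
The tool's detection logic works fine.
It is better than the SpringExploitGUI_v1.4 tool.
The SpringExploitGUI_v1.4 tool fails to detect vulnerable sites.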
![erte](https://github.com/user-attachments/assets/cb1ba0c8-092a-46c0-9d2f-e21d78d457…