FeeiCN / Cobra

Source Code Security Audit (源代码安全审计)
http://cobra.feei.cn
MIT License

[CVI-360034] [ORIGIN] [ERROR] /bin/grep: exceeded PCRE's backtracking limit #595

Open cxgreat2014 opened 6 years ago

cxgreat2014 commented 6 years ago

System and Python Environment

| Item | Tooltip | Value |
| --- | --- | --- |
| System | uname -a | Linux dev-VirtualBox 4.10.0-35-generic #39~16.04.1-Ubuntu SMP Wed Sep 13 09:02:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux |
| Python | python -V | Python 3.5.2 |
| Cobra | python cobra.py | v2.0.0-alpha.5 |
dev@dev-VirtualBox:~/cobra$ python3 cobra.py -t tests/vulnerabilities/ 
[14:50:13] [INFO] [CLI] Target directory: /home/dev/cobra/tests/vulnerabilities/
[14:50:13] [INFO] [CLI] [STATISTIC] Language: php Framework: Flask
[14:50:13] [INFO] [CLI] [STATISTIC] Files: 13, Extensions:13, Consume: 0.0004290000000000127
[14:50:13] [INFO] [PUSH] 17 CVE Rules
[14:50:17] [INFO] [PUSH] 76 Rules
[14:50:20] [CRITICAL] [CVI-360034] [ORIGIN] [ERROR] /bin/grep: 超过PCRE 的回溯限制
[14:50:20] [INFO] [SCAN] Trigger Rules/Not Trigger Rules/Off Rules: 63/3/11 Vulnerabilities (65)
+----+--------+------+----------------------------------------+-------------+------------------+--------------------+--------------------------------+----------------------------------------------------+----------------------------------------------+
| #  | CVI    | VUL  | Rule                                   | Lang        | Level-Score      | Target             | Commit(Time, Author)           | Source Code Content                                | Analysis                                     |
+----+--------+------+----------------------------------------+-------------+------------------+--------------------+--------------------------------+----------------------------------------------------+----------------------------------------------+
| 1  | 999999 | IC   | 引用了存在漏洞的三方组件               | *           | H-08: ■■■■■■■■□□ | requirements.txt:1 | Unknown, @Unknown              | flask:0.10.1                                       | Dependencies Matched(依赖匹配)               |
| 2  | 999999 | IC   | 引用了存在漏洞的三方组件               | *           | H-08: ■■■■■■■■□□ | requirements.txt:1 | Unknown, @Unknown              | flask:0.10.1                                       | Dependencies Matched(依赖匹配)               |
| 3  | 999999 | IC   | 引用了存在漏洞的三方组件               | *           | H-08: ■■■■■■■■□□ | requirements.txt:1 | Unknown, @Unknown              | flask:0.10.1                                       | Dependencies Matched(依赖匹配)               |
| 4  | 130002 | HCP  | 硬编码Token/Key                        | *           | L-02: ■■□□□□□□□□ | v.php:68           | 2017-07-17 17:52:04, @Feei     | $appKey = "C787AFE9D9E86A6A6C78ACE99CA778EE";      | REGEX-ONLY-MATCH+NOT FIX(未修复)             |
| 5  | 140002 | XSS  | 输出入参可能导致XSS                    | java        | M-04: ■■■■□□□□□□ | v.java:46          | 2017-08-01 14:40:40, @Feei     | out.println(request.getParameter("test"))          | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 6  | 130004 | HCP  | 配置型硬编码密码2                      | conf        | M-04: ■■■■□□□□□□ | v.ini:1            | 2017-08-28 21:07:28, @Feei     | password: 123@123                                  | REGEX-ONLY-MATCH+NOT FIX(未修复)             |
| 7  | 360032 | WS   | webshell32                             | php         | H-07: ■■■■■■■□□□ | v.php:238          | 2017-09-12 10:04:56, @braveghz | function c999shexit()                              | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 8  | 140005 | XSS  | 获取URI或参数未过滤导致的XSS           | lua         | M-04: ■■■■□□□□□□ | v.lua:6            | 2017-08-01 18:13:22, @Feei     | ngx.say(ngx.req.get_uri_args().name)               | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 9  | 360018 | WS   | webshell18                             | php         | H-07: ■■■■■■■□□□ | v.php:193          | 2017-09-07 17:29:12, @braveghz | mb_ereg_replace('.*', $_REQUEST['op'], '', 'e');   | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 10 | 130001 | HCP  | 赋值型硬编码密码                       | php         | L-02: ■■□□□□□□□□ | v.php:70           | 2017-08-28 12:04:38, @BlBana   | $password = "cobra123456!@#";                      | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 11 | 360016 | WS   | webshell16                             | php         | H-07: ■■■■■■■□□□ | v.php:186          | 2017-09-07 17:29:12, @braveghz | filter_var_array(array('test' => $_REQUEST['pass'] | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 12 | 360013 | WS   | webshell13                             | php         | H-07: ■■■■■■■□□□ | v.php:180          | 2017-09-07 17:29:12, @braveghz | $sa = "eval()"; create_function('xxx', $sa);       | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 13 | 360033 | WS   | webshell33                             | php         | H-07: ■■■■■■■□□□ | v.php:247          | 2017-09-07 17:29:12, @braveghz | if (!empty($unset_surl)) {setcookie("N3tsh_surl"); | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 14 | 170002 | FI   | 文件包含漏洞                           | php         | H-07: ■■■■■■■□□□ | v.php:61           | 2017-09-07 17:29:12, @braveghz | require_once $cmd;                                 | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 15 | 260001 | US   | PHP反序列化漏洞                        | php         | M-05: ■■■■■□□□□□ | v.php:78           | 2017-08-26 00:16:50, @braveghz | $test_uns = unserialize($test);                    | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 16 | 230001 | SF   | SESSION固定攻击                        | php         | H-08: ■■■■■■■■□□ | v.php:20           | 2017-09-07 17:29:12, @braveghz | setcookie("PHPSESSID", $cmd);                      | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 17 | 360021 | WS   | webshell21                             | php         | H-07: ■■■■■■■□□□ | v.php:203          | 2017-09-07 17:29:12, @braveghz | $a = "ZXZhbA==";array_walk($array, base64_decode($ | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 18 | 160003 | SQLI | MySQL Execute Functions可能导致SQL注入 | php         | H-08: ■■■■■■■■□□ | v.php:57           | 2017-08-28 21:07:28, @Feei     | mysql_query($query);                               | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 19 | 360006 | WS   | webshell6                              | php         | H-07: ■■■■■■■□□□ | v.php:152          | 2017-09-07 17:29:12, @braveghz | ($code = $_POST['code']) && @preg_replace('/ad/e', | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 20 | 355001 | WE   | DES加密模式                            | java        | L-02: ■■□□□□□□□□ | v.java:14          | 2017-08-01 14:49:33, @Feei     | Cipher c = Cipher.getInstance("DESede/CBC/PKCS     | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 21 | 350001 | WF   | unlink删除文件                         | php         | M-03: ■■■□□□□□□□ | v.php:95           | 2017-09-07 17:29:12, @braveghz | unlink($file);                                     | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 22 | 140001 | XSS  | 文本框反射型XSS                        | jsp         | M-04: ■■■■□□□□□□ | v.jsp:8            | 2017-07-17 17:52:04, @Feei     | <input type="hidden" value="request.getParameter(" | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 23 | 130005 | HCP  | 硬编码IP                               | *           | M-04: ■■■■□□□□□□ | v.php:6            | 2017-08-11 13:48:02, @Feei     | $target = "10.11.2.220";                           | REGEX-ONLY-MATCH+NOT FIX(未修复)             |
| 24 | 360028 | WS   | webshell28                             | php         | H-07: ■■■■■■■□□□ | v.php:219          | 2017-09-07 17:29:12, @braveghz | eval(base64_decode(                                | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 25 | 360004 | WS   | webshell4                              | php         | H-07: ■■■■■■■□□□ | v.php:146          | 2017-09-07 17:29:12, @braveghz | echo @preg_replace('/xx/e', $_POST[sss], axxa);    | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 26 | 200002 | PPG  | 不安全的随机数                         | php         | L-02: ■■□□□□□□□□ | v.php:66           | 2017-07-17 18:29:22, @Feei     | $unique = uniqid();                                | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 27 | 181001 | CI   | 远程命令执行                           | php         | C-10: ■■■■■■■■■■ | v.php:16           | 2017-09-07 17:29:12, @braveghz | system('ls'+$cmd);                                 | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 28 | 360020 | WS   | webshell20                             | php         | H-07: ■■■■■■■□□□ | v.php:200          | 2017-09-07 17:29:12, @braveghz | array_walk($array, "eval");                        | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 29 | 360030 | WS   | webshell30                             | php         | H-07: ■■■■■■■□□□ | v.php:226          | 2017-09-11 11:54:49, @braveghz | $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU2..."; | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 30 | 165001 | LI   | LDAP注入                               | php         | M-05: ■■■■■□□□□□ | v.php:128          | 2017-09-07 17:29:12, @braveghz | $sr      = ldap_search($ds, "o=My Company, c=US",  | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 31 | 360035 | WS   | webshell35                             | php         | H-07: ■■■■■■■□□□ | v.php:256          | 2017-09-07 17:29:12, @braveghz | $func = new ReflectionFunction($_GET[m]);          | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 32 | 360002 | WS   | webshell2                              | php         | H-07: ■■■■■■■□□□ | v.php:139          | 2017-09-07 17:29:12, @braveghz | array_filter($arr, base64_decode("ZXZhbA=="));     | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 33 | 110005 | MC   | 允许任意证书(CWE-295)                | java        | M-05: ■■■■■□□□□□ | v.java:40          | 2017-08-01 14:40:40, @Feei     | public X509Certificate[] getAcceptedIssuers()      | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 34 | 360005 | WS   | webshell5                              | php         | H-07: ■■■■■■■□□□ | v.php:149          | 2017-09-07 17:29:12, @braveghz | ($e = $_POST['e']) && @preg_replace($e, "eval", 'h | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 35 | 190003 | IE   | 打印phpinfo                            | php         | L-02: ■■□□□□□□□□ | v.php:23           | 2017-08-01 15:21:02, @Feei     | phpinfo();                                         | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 36 | 320002 | VO   | extract导致变量覆盖漏洞                | php         | M-04: ■■■■□□□□□□ | v.php:10           | 2017-08-28 21:07:28, @Feei     | extract($cmd);                                     | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 37 | 160004 | SQLI | SQL Execute Functions可能导致SQL注入   | php         | H-08: ■■■■■■■■□□ | v.php:58           | 2017-08-28 21:30:16, @Feei     | mysqli_query($query);                              | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 38 | 360031 | WS   | webshell31                             | php         | H-07: ■■■■■■■□□□ | v.php:230          | 2017-09-11 11:54:49, @braveghz | $NXlKO=gzuncompress(base64_decode($NXlKO));        | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 39 | 190004 | IE   | 证书文件泄露                           | certificate | M-04: ■■■■□□□□□□ | v.p12:0            | Unknown, @Unknown              |                                                    | FIND-EXTENSION(后缀查找)                     |
| 40 | 360007 | WS   | webshell7                              | php         | H-07: ■■■■■■■□□□ | v.php:155          | 2017-09-12 10:04:56, @braveghz | call_user_func('assert', $arr);                    | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 41 | 130003 | HCP  | 配置型硬编码密码1                      | conf        | M-04: ■■■■□□□□□□ | v.ini:2            | 2017-08-28 21:07:28, @Feei     | db_query_password=!@#1qa123                        | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 42 | 120004 | SSRF | fsockopen造成的SSRF                    | php         | H-07: ■■■■■■■□□□ | v.php:123          | 2017-09-12 10:04:56, @braveghz | $fp = fsockopen($host, intval($port), $errno, $err | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 43 | 360012 | WS   | webshell12                             | php         | H-07: ■■■■■■■□□□ | v.php:177          | 2017-09-11 11:54:49, @braveghz | $func=@create_function('$x','ev'.'al'.'(gz'.'inf'. | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 44 | 120002 | SSRF | file_get_contents导致的SSRF            | php         | H-07: ■■■■■■■□□□ | v.php:46           | 2017-09-07 17:29:12, @braveghz | $content = file_get_contents($url);                | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 45 | 200001 | PPG  | 不安全的随机数                         | java        | L-02: ■■□□□□□□□□ | v.java:8           | 2017-07-25 11:30:41, @Feei     | Random r = new Random();                           | REGEX-ONLY-MATCH+MATCH2(正则仅匹配+二次匹配) |
| 46 | 120001 | SSRF | cURL导致的SSRF                         | php         | H-06: ■■■■■■□□□□ | v.php:32           | 2017-09-07 17:29:12, @braveghz | curl_setopt($ch, CURLOPT_URL, $url);               | MATCH+REPAIR(匹配+未修复)                    |
| 47 | 360029 | WS   | webshell29                             | php         | H-07: ■■■■■■■□□□ | v.php:223          | 2017-09-11 11:54:49, @braveghz | $bind_pl = "IyEvdXNyL2Jpbi9lbnYgcGVybA0KJFNIRUxMPS | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 48 | 160001 | SQLI | 拼接SQL注入                            | java        | H-08: ■■■■■■■■□□ | v.java:49          | 2017-08-01 14:40:40, @Feei     | String hql = "select max(detailLineNo) from TWmsSo | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 49 | 190001 | IE   | Logger敏感信息                         | java        | L-02: ■■□□□□□□□□ | v.java:4           | 2017-07-17 18:29:22, @Feei     | log.debug('username: admin password: admin');      | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 50 | 360027 | WS   | webshell27                             | php         | H-07: ■■■■■■■□□□ | v.php:210          | 2017-09-12 10:04:56, @braveghz | eval(getenv('HTTP_CODE'));                         | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 51 | 190006 | IE   | 设计源文件泄露                         | source      | M-04: ■■■■□□□□□□ | v.psd:0            | Unknown, @Unknown              |                                                    | FIND-EXTENSION(后缀查找)                     |
| 52 | 355002 | WE   | ECB加密模式                            | java        | L-02: ■■□□□□□□□□ | v.java:19          | 2017-08-01 14:49:33, @Feei     | Cipher c = Cipher.getInstance("AES/ECB/NoPaddi     | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 53 | 360014 | WS   | webshell14                             | php         | H-07: ■■■■■■■□□□ | v.php:183          | 2017-09-07 17:29:12, @braveghz | $a = "eval";$a($_GET['a']);                        | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 54 | 180001 | CI   | 远程代码执行                           | php         | C-10: ■■■■■■■■■■ | v.php:11           | 2017-09-11 11:54:49, @braveghz | eval($cmd);                                        | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 55 | 110001 | MC   | 不安全的权限设置                       | php         | L-02: ■■□□□□□□□□ | v.php:26           | 2017-09-07 17:29:12, @braveghz | mkdir('log/' . date("Y"), 0777);                   | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 56 | 360001 | WS   | webshell1                              | php         | H-07: ■■■■■■■□□□ | v.php:132          | 2017-09-07 17:29:12, @braveghz | include "sss.jpg";                                 | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 57 | 120003 | SSRF | get_headers导致的SSRF                  | php         | H-07: ■■■■■■■□□□ | v.php:51           | 2017-09-07 17:29:12, @braveghz | echo get_headers($url, 1);                         | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 58 | 320001 | VO   | 变量覆盖漏洞                           | php         | M-04: ■■■■□□□□□□ | v.php:83           | 2017-08-26 00:16:50, @braveghz | parse_str($_SERVER['QUERY_STRING']);               | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 59 | 360011 | WS   | webshell11                             | php         | H-07: ■■■■■■■□□□ | v.php:174          | 2017-09-07 17:29:12, @braveghz | $sa = create_function('xxx', "eval()");$sa();      | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 60 | 210001 | UR   | 未经验证的任意链接跳转                 | php         | M-05: ■■■■■□□□□□ | v.php:74           | 2017-09-07 17:29:12, @braveghz | header("Location: " . $url);                       | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 61 | 170001 | FI   | LFI                                    | jsp         | M-05: ■■■■■□□□□□ | v.jsp:5            | 2017-08-01 14:40:40, @Feei     | include(request.getParam('test'));                 | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 62 | 140003 | XSS  | 直接输出入参可能导致XSS                | php         | M-04: ■■■■□□□□□□ | v.php:215          | 2017-09-07 17:29:12, @braveghz | echo $_GET[c];                                     | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
| 63 | 190002 | IE   | 打印堆栈信息                           | java        | L-02: ■■□□□□□□□□ | v.java:24          | 2017-08-01 14:40:40, @Feei     | printStackTrace();                                 | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 64 | 190008 | IE   | 信息泄露                               | php         | L-02: ■■□□□□□□□□ | v.php:64           | 2017-08-28 21:07:28, @Feei     | highlight_file($cmd);                              | REGEX-ONLY-MATCH(正则仅匹配+无修复规则)      |
| 65 | 167001 | XEI  | XXE(XML实体注入)                       | php         | M-05: ■■■■■□□□□□ | v.php:81           | 2017-08-26 00:16:50, @braveghz | $data = simplexml_load_string($xml);               | FUNCTION-PARAM-CONTROLLABLE(函数入参可控)    |
+----+--------+------+----------------------------------------+-------------+------------------+--------------------+--------------------------------+----------------------------------------------------+----------------------------------------------+
[14:50:20] [INFO] [SCAN] Not Trigger Rules (3): 190005,190007,360034
[14:50:21] [INFO] [INIT] Done! Consume Time:7.8367369174957275s
dev@dev-VirtualBox:~/cobra$ 
BlBana commented 6 years ago

The scan rules need to be optimized to reduce the use of non-greedy patterns, so that the maximum backtracking limit is not exceeded.
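As an added example (not Cobra's own code), the following linter parses rule regexes with Python's built-in regex parser and flags the two constructs that make `grep -P` blow its PCRE backtracking limit on long lines: nested unbounded quantifiers and stacked `.*`/`.*?` wildcards. The rule patterns inside it are constructed for illustration and are not real Cobra rules.

```python
"""Lint Cobra-style rule regexes for catastrophic-backtracking risk.

Added example, not Cobra's own code. Cobra evaluates rules with ``grep -P``
(PCRE); a rule whose quantifiers can match the same text many ways makes
PCRE backtrack exponentially on long lines, and grep aborts with the
"exceeded PCRE's backtracking limit" error reported in this issue.
"""
try:  # Python 3.11+ moved the parser under re; older versions expose sre_parse
    from re import _parser as sre_parse, _constants as sre_constants
except ImportError:
    import sre_parse, sre_constants

MAXREPEAT = sre_constants.MAXREPEAT
REPEATS = (sre_constants.MAX_REPEAT, sre_constants.MIN_REPEAT)


def lint_rule(pattern):
    """Return findings for one rule regex; an empty list means no risk found.

    Heuristics (PCRE-only syntax such as (?<name>...) will not parse here):
      * an unbounded quantifier nested inside another unbounded one, e.g. (\\w+\\s*)*
      * two or more unbounded wildcard repeats (.* or .*?) in one rule, where the
        engine must try every split of the line between them
    """
    findings, wildcard_repeats = [], 0

    def walk(items, depth):  # depth = number of enclosing unbounded repeats
        nonlocal wildcard_repeats
        for op, av in items:
            if op in REPEATS:
                _lo, hi, body = av
                unbounded = hi == MAXREPEAT
                if unbounded and depth and "nested unbounded quantifier" not in findings:
                    findings.append("nested unbounded quantifier")
                if unbounded and len(body) == 1 and body[0][0] == sre_constants.ANY:
                    wildcard_repeats += 1
                walk(body, depth + 1 if unbounded else depth)
            elif op == sre_constants.SUBPATTERN:
                walk(av[-1], depth)  # av = (group, add_flags, del_flags, body)
            elif op == sre_constants.BRANCH:
                for alternative in av[1]:
                    walk(alternative, depth)
            elif op in (sre_constants.ASSERT, sre_constants.ASSERT_NOT):
                walk(av[1], depth)

    walk(sre_parse.parse(pattern), 0)
    if wildcard_repeats >= 2:
        findings.append("%d unbounded wildcard repeats in one rule" % wildcard_repeats)
    return findings


# Constructed rules: a lazy-wildcard rule of the kind the reply above warns about,
# a nested-quantifier rule, and a rewrite using a negated character class so each
# position in the line can be consumed in only one way.
RULES = {
    "eval-of-request-lazy": r"\$\w+\s*=\s*.*?eval.*?\(.*?\$_(GET|POST).*?\)",
    "nested-quantifier": r"(\w+\s*)*;",
    "eval-of-request-safe": r"\$\w+\s*=\s*[^;]*\beval\s*\([^;]*\$_(GET|POST)\b",
}


def lint_ruleset(rules=RULES):
    """Map each risky rule name to its findings; clean rules are omitted."""
    return {name: lint_rule(pat) for name, pat in rules.items() if lint_rule(pat)}
```

Run `lint_ruleset()` over a rule directory before merging new rules; a rule that needs several `.*?` segments is usually better expressed with negated classes such as `[^;]*` or split into two rules.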