chainreactors / gogo

A highly controllable and extensible automation engine for red teams
https://chainreactors.github.io/wiki/gogo/
GNU General Public License v3.0
1.38k stars 140 forks

dubbo_unauthorized has false positives #38

Open kaka77 opened 1 year ago

kaka77 commented 1 year ago

Scanner output: tcp://xx.xx.xx.xx.xx:20880 focus:dubbo-remote [tcp] Unsupported c [ high: dubbo_unauthorized ]

Verification: Trying xx.xx.xx.xx.xx... Connected to xx.xx.xx.xx.xx. Escape character is '^]'. ls Command: ls disabled for security reasons, please enable support by listing the commands through 'telnet'

M09Ic commented 1 year ago

The current dubbo rule is:

- name: dubbo-remote
  focus: true
  default_port:
    - dubbo
  protocol: tcp
  rule:
    - regexps:
        vuln:
          - dubbo          # any response containing "dubbo" is treated as a hit
      vuln: dubbo_unauthorized   # and immediately tagged with this vuln name

The string "dubbo" probably appeared in the response; this fingerprint will be improved later.
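To illustrate why the rule above misfires and what a stricter check looks like, here is an added example (not gogo's own code) that evaluates the reply to the telnet `ls` command the reporter used for verification. The "disabled for security reasons" text is taken from the issue; the `dubbo>` prompt and the service-listing format (one Java class name per line) are assumptions for the example, and all sample responses are constructed.

```python
import re

# Constructed sample responses. The "disabled" text reproduces the reply
# quoted in the issue; the service listing is an assumed Dubbo telnet format.
RESP_DISABLED = (
    "Connected to host.\r\n"
    "dubbo>Command: ls disabled for security reasons, "
    "please enable support by listing the commands through 'telnet'\r\n"
)
RESP_OPEN = (
    "dubbo>com.example.DemoService\r\n"      # constructed service listing
    "com.example.OrderService\r\n"
)
RESP_NOT_DUBBO = "SSH-2.0-OpenSSH_8.9\r\n"   # constructed, unrelated service

# The fingerprint as currently written: a bare "dubbo" substring -> vuln.
LOOSE_RULE = re.compile(r"dubbo")

# Reply Dubbo gives when telnet commands are switched off (from the issue).
DISABLED_RE = re.compile(r"Command: \w+ disabled for security reasons", re.I)
# Dubbo telnet prompt; assumed for this example.
PROMPT_RE = re.compile(r"dubbo>")
# One exported service per line, written as a Java fully-qualified class name
# (assumption for the example).
SERVICE_RE = re.compile(r"^[A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)+\s*$", re.M)


def loose_match(response: str) -> bool:
    """Mimics the current rule: any 'dubbo' in the banner fires the vuln."""
    return bool(LOOSE_RULE.search(response))


def classify(response: str) -> str:
    """Stricter evaluation of the reply to an `ls` probe.

    Returns one of:
      'not-dubbo'          - nothing identifies the service as Dubbo
      'dubbo'              - Dubbo, but telnet commands are disabled
      'dubbo_unauthorized' - Dubbo answered `ls` with a service listing
    """
    if not PROMPT_RE.search(response) and not LOOSE_RULE.search(response):
        return "not-dubbo"
    # Commands disabled: the service is Dubbo, but `ls` was refused.
    if DISABLED_RE.search(response):
        return "dubbo"
    # Strip prompts, then count lines that look like exported services.
    body = PROMPT_RE.sub("", response)
    services = [m.group(0).strip() for m in SERVICE_RE.finditer(body)]
    return "dubbo_unauthorized" if services else "dubbo"


def list_services(response: str) -> list:
    """Extract service names from an `ls` reply (empty when refused)."""
    if DISABLED_RE.search(response):
        return []
    body = PROMPT_RE.sub("", response)
    return [m.group(0).strip() for m in SERVICE_RE.finditer(body)]


if __name__ == "__main__":
    for label, resp in [("disabled", RESP_DISABLED), ("open", RESP_OPEN),
                        ("other", RESP_NOT_DUBBO)]:
        print(f"{label:8} loose={loose_match(resp)!s:5} strict={classify(resp)}")
```

The loose rule flags the disabled-commands response as `dubbo_unauthorized` (the false positive in this issue), while the stricter check only reports that vuln when `ls` actually returned a service listing.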