google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
872 stars 176 forks

PRP: Request GoAnywhere MFT RCE (CVE-2023-0669) #540

Open SuperX-SIR opened 1 week ago

SuperX-SIR commented 1 week ago

Hello. I want to contribute to the Tsunami scanner with a detector plugin to detect the CVE-2023-0669 vulnerability.

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-0669
https://www.vicarius.io/vsociety/posts/unauthenticated-rce-in-goanywhere
https://www.cve.org/CVERecord?id=CVE-2023-0669

Description

The vulnerability has been assigned the CVE ID CVE-2023-0669. The severity level of the vulnerability is 7.2 HIGH: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

This is a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

Versions

Version 7.1.1 and earlier versions

tooryx commented 1 week ago

Hi @SuperX-SIR,

Would you be willing to first contribute to fingerprints for the software?

Thanks
~tooryx

SuperX-SIR commented 4 days ago

There are some difficulties in writing application fingerprints. This is a non-open source application and there are only four tags in two official hubs.

https://hub.docker.com/r/helpsystems/goanywhere-mft
https://hub.docker.com/r/fortrallc/goanywhere-mft

A GET request for the login HTML page will respond with the version in the title.

tooryx commented 2 days ago

Hi @SuperX-SIR,

Then you can continue with the development of the RCE.

~tooryx

SuperX-SIR commented 1 day ago

Add instructions to create the test environment https://github.com/google/security-testbeds/pull/90