Open SuperX-SIR opened 1 week ago
Hi @SuperX-SIR,
Would you be willing to first contribute to fingerprints for the software?
Thanks ~tooryx
There are some difficulties in writing application fingerprints. This is a non-open-source application and there are only four tags in two official hubs.
https://hub.docker.com/r/helpsystems/goanywhere-mft
https://hub.docker.com/r/fortrallc/goanywhere-mft
A GET of the login HTML will respond with the title version.
Hi @SuperX-SIR,
Then you can continue with the development of the RCE.
~tooryx
Add instructions to create the test environment https://github.com/google/security-testbeds/pull/90
Hello. I want to contribute to the tsunami scanner with a detector plugin to detect the CVE-2023-0669 vulnerability.
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-0669
https://www.vicarius.io/vsociety/posts/unauthenticated-rce-in-goanywhere
https://www.cve.org/CVERecord?id=CVE-2023-0669
Description
The vulnerability has been assigned the CVE ID CVE-2023-0669; the severity level of the vulnerability is 7.2 HIGH: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
This is a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
Versions
Version 7.1.1 and earlier versions