zyylhn

zyylhn

Member Since 1 year ago

Experience Points
57
follower
Lessons Completed
22
follow
Lessons Completed
82
stars
Best Reply Awards
7
repos

65 contributions in the last year

Pinned
⚡ Zscan a scan blasting tool set
⚡ Redis primary/secondary replication RCE
Activity
May
20
2 days ago
started
started time in 2 days ago
started
started time in 2 days ago
started
started time in 2 days ago
started
started time in 2 days ago
May
13
1 week ago
started
started time in 1 week ago
started
started time in 1 week ago
started
started time in 1 week ago
started
started time in 1 week ago
Activity icon
issue

zyylhn issue zyylhn/zscan

zyylhn
zyylhn

同学,您这个项目引入了244个开源组件,存在2个漏洞,辛苦升级一下

检测到 zyylhn/zscan 一共引入了244个开源组件,存在2个漏洞

漏洞标题:jwt-go 安全漏洞
缺陷组件:github.com/dgrijalva/[email protected]+incompatible
漏洞编号:CVE-2020-26160
漏洞描述:jwt-go是个人开发者的一个Go语言的JWT实现。
jwt-go 4.0.0-preview1之前版本存在安全漏洞。攻击者可利用该漏洞在使用[]string{} for m[\"aud\"](规范允许)的情况下绕过预期的访问限制。
影响范围:(∞, 4.0.0-preview1)
最小修复版本:4.0.0-preview1
缺陷组件引入路径:[email protected]>github.com/dgrijalva/[email protected]+incompatible

另外还有2个漏洞,详细报告:https://mofeisec.com/jr?p=a2c061

May
10
1 week ago
started
started time in 1 week ago
started
started time in 1 week ago
May
9
1 week ago
started
started time in 1 week ago
May
6
2 weeks ago
started
started time in 2 weeks ago
Apr
26
3 weeks ago
started
started time in 3 weeks ago
Apr
19
1 month ago
started
started time in 1 month ago
Apr
18
1 month ago
Activity icon
created tag

zyylhn in zyylhn/redis_rce create tag v0.1.1

createdAt 1 month ago
push

zyylhn push zyylhn/redis_rce

zyylhn
zyylhn

新增-command命令用于执行一条命令

commit sha: 67b17d742e985f6b948b21ab9d8a58b7fc357e20

push time in 1 month ago
Apr
14
1 month ago
Mar
30
1 month ago
Activity icon
issue

zyylhn issue comment zyylhn/zscan

zyylhn
zyylhn

小建议

exploit模块ssh只支持交互式登录,但是不支持批量登录多台机器执行命令 有考虑在blast模块添加一个执行SSH命令的功能吗,C段机器爆破成功的同时,在每台机器分别执行命令返回结果(非交互)(参考fscan ssh -c 命令)

started
started time in 1 month ago
Previous