shiroPoc icon indicating copy to clipboard operation
shiroPoc copied to clipboard

Published 20 hours ago verified publisher icon potats0

Metadata

Results 15 shiroPoc issues
Sort by recently updated
recently updated
newest added

错误: 找不到或无法加载主类 CommonsCollections10

λ java -cp shiroPoc-0.5-SNAPSHOT-jar-with-dependencies.jar CommonsCollections10 SpringBootEcho1 错误: 找不到或无法加载主类 CommonsCollections10 原因: java.lang.ClassNotFoundException: CommonsCollections10

websecer avatar websecer

命令行运行jar报错

![image](https://user-images.githubusercontent.com/54091599/137839549-9c3d6934-9632-4bd9-ab04-ec35e7659023.png)

yshdxm avatar yshdxm

Bump httpclient from 4.5.9 to 4.5.13

Bumps httpclient from 4.5.9 to 4.5.13. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.httpcomponents:httpclient&package-manager=maven&previous-version=4.5.9&new-version=4.5.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot] avatar dependabot[bot]

dependencies

Bump commons-io from 2.6 to 2.7

Bumps commons-io from 2.6 to 2.7. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=maven&previous-version=2.6&new-version=2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot] avatar dependabot[bot]

dependencies

师傅可以试试把gcm算法加入其中

师傅可以试试把gcm算法加入其中,最近也见到了好多gcm的站)

yuligesec avatar yuligesec

exp存在强特征被防火墙拦截

1 comment

命令执行exp使用了cmd作为HTTP请求头,某些防火墙发现存在这个请求包后会拦截。

lovelyjuice avatar lovelyjuice

检测某个站出现误报情况

1 comment

``` Powered by UnicodeSec Version 0.0.2 八月 01, 2020 4:31:56 下午 org.apache.http.client.protocol.ResponseProcessCookies processCookies 警告: Invalid cookie header: "Set-Cookie: 8VY9p00ccvVgS=5s7CnSS.ODpwYT_v50JzmQn.x0G6eIvX0a8hwJN_WEumAi_mwmJTdsCMnZzgt1NxHtMXnLqaQe.bUAFr1uZ83Cq; Path=/; expires=Tue, 3 0 Jul 2030 08:32:54 GMT; HttpOnly". Invalid 'expires'...

hahaSec avatar hahaSec

jar包生成POC后请求请求路径和请求方法会被删除,导致400

原始请求 ![image](https://user-images.githubusercontent.com/37523122/89247177-5a085280-d63f-11ea-9e60-1535e5284e2f.png) 生成POC后 ![image](https://user-images.githubusercontent.com/37523122/89247211-6d1b2280-d63f-11ea-8360-4da15893a43b.png) 另外,大佬这个怎么自定义命令,默认是whoami,我测试的这个靶机没回显的,想修改为其他命令测试

liao10086 avatar liao10086

jar包命令行无法scan

1 comment

![image](https://user-images.githubusercontent.com/17949373/89160848-4e1b8280-d5a4-11ea-83f1-f2eb6e9e372a.png)

Ch1ngg avatar Ch1ngg

bug

`java -cp shiroPoc-0.5-SNAPSHOT-jar-with-dependencies.jar org.unicodesec.poc http://localhost:8080/` 直接使用jar检测的话,测试时发现bug,无论对任何URL检测都会返回成功 ![QQ截图20200807084452](https://user-images.githubusercontent.com/53587683/89596629-4d2b6f00-d88a-11ea-92c7-5a523f980336.jpg)

ffpepwowa avatar ffpepwowa

Metadata

321
Stars
55
Forks
Watchers

Owner

verified publisher icon potats0

Metadata

Back