yakit icon indicating copy to clipboard operation
yakit copied to clipboard
verified publisher icon yaklang

shiro-gcm漏洞靶场有bug

Open pwnhxl opened this issue 1 year ago • 1 comments

http://192.168.0.102:8787/shiro/gcm

DQCDO7mdQ3IWD0VxXYBc9Lf45NQSZqYpvsyW1eErrcixmIL9lQauwpzXBy3cGnPsDvtovnH+SJlg0hOqPhnDuN75AWloU+Hm8MTWteu/fKCq4wxxQCBrlrRQRyph+/ajQlqb5TS8zlzQzXcFEixU6EcN6qHaaVzR6T9IXdC7qlEgXYflIavircb64HMK5L0pJswJG1Z92/++Kqb7

Key: 2itfW92XazYRi5ltW0M2yA==

如图 gcm加密模式的靶场只有这个被动插件能检出 其他任何shiro检测工具都检测不出来 并且你们扫描出来的payload 用这个蓝队分析工具也解密不出来了 几个月前我测试的时候不这样的 最新版才有这个bug

shiro-1 shiro-2

pwnhxl avatar Sep 07 '24 19:09 pwnhxl

感谢反馈,确实有点问题,后续完成修复

Go0p avatar Sep 09 '24 03:09 Go0p

image

image

lT2UvDUmQwewm6mMoiw4Ig==

0mUI014sbXraqplgKlfuYn0+WxKVdn2hrppT4olXXcVSY6eP5ZuMI70Dj6cCq6Wb7yx850d//KLrcaDgr0GBjie6Ns6Xqk8f7UIJoLV1ilrA+5W/a197ytZrZZ4QBqRzOBwsiogyEHOeMHSnxEA3ATs+MEAQQMukJCpWFi4P6GYekGhH64W/L5e3kXinyiCxqPgHxUlhHrGeXjM7

image

是不是还有问题

ruisika avatar Nov 14 '24 03:11 ruisika