From cc9cc59fbb02a2e0eff4c2053b8ece017e959579 Mon Sep 17 00:00:00 2001 From: euphrat1ca <> Date: Wed, 11 Dec 2019 19:01:34 +0800 Subject: [PATCH] 205 205 --- wiki_vul.md | 1 + wiki_websec.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/wiki_vul.md b/wiki_vul.md index 697122f..0f3c557 100644 --- a/wiki_vul.md +++ b/wiki_vul.md @@ -65,6 +65,7 @@ ### 数据库 - https://github.com/oliver006/redis_exporter //GO.redis未授权访问 - https://github.com/t0kx/exploit-CVE-2015-1427 //BASH.Elasticsearch 1.4.0 < 1.4.2 Remote Code Execution exploit and vulnerable container远程命令执行 +## 中间件漏洞 ### Java框架相关漏洞 - https://github.com/x41sec/slides/blob/master/2019-bsides-stuttgart/YourStackTracesAreLeakingCVEs.pdf //Java服务异常信息查询敏感信息和漏洞信息列表 - https://github.com/NickstaDB/BaRMIe //JAVA.枚举测试Java RMI(远程调用服务)安全 diff --git a/wiki_websec.md b/wiki_websec.md index da431a8..642b187 100644 --- a/wiki_websec.md +++ b/wiki_websec.md @@ -22,7 +22,7 @@ - https://github.com/coffeehb/SSTIF //SSTI (服务器模板注入) 漏洞的半自动化工具 - https://github.com/tijme/angularjs-csti-scanner //探测客户端AngularJS模板注入漏洞工具 - https://github.com/epinna/tplmap //SSTI (服务器模板注入) 漏洞检测与利用工具 -### TLS/SSL安全 +### SSL/TLS安全 - https://github.com/hahwul/a2sv //SSL漏洞扫描,包括OpenSSL心脏滴血漏洞\CSS注入\SSLv3 POODLE等 - https://github.com/nabla-c0d3/sslyze //PY3.SSL/TLS server扫描器 ### 命令执行注入