shiro-detect: Shiro Detect

日期: 2025-09-01 | 影响软件: Shiro Detect | POC: 已公开

漏洞描述

FOFA: app="APACHE-Shiro"

PoC代码[已公开]

id: shiro-detect

info:
    name: Shiro Detect
    author: zan8in
    severity: info
    verified: true
    description: |
        FOFA: app="APACHE-Shiro"
    tags: shiro,detect
    created: 2023/07/01

set:
    randstr: randomLowercase(6)
rules:
    r0:
        request:
            method: GET
            path: /
            follow_redirects: true
            headers:
              cookie: JSESSIONID={{randstr}};rememberMe=123;
        expression: response.raw_header.bcontains(b'rememberMe=deleteMe')
    r1:
        request:
            method: GET
            path: /
            headers:
              cookie: JSESSIONID={{randstr}};rememberMe=123;
        expression: response.raw_header.bcontains(b'rememberMe=deleteMe')
expression: r0() || r1()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/fingerprinting/shiro-detect.yaml

相关漏洞推荐