unauth-vnc-server-detect: Unauthenticated VNC Server - Detect

漏洞描述

PoC代码[已公开]

id: unauth-vnc-server-detect

info:
  name: Unauthenticated VNC  Server - Detect
  author: pussycat0x
  severity: critical
  description: |
    The remote host had a VNC server that permitted access without requiring authentication.
  metadata:
    verified: true
    shodan-query: product:"vnc"
  tags: js,network,vnc,unauth,misconfig,vuln

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      var vnc = require('nuclei/vnc');
      var client = new vnc.VNCClient();
      var resp = client.Connect(Host, Port, " ");
      resp;

    args:
      Host: "{{Host}}"
      Port: 5900

    matchers:
      - type: dsl
        dsl:
          - "success == true"
          - "response == true"
        condition: and
# digest: 4b0a00483046022100fbfa7db92ec5cdb00b95f197475f035ee99025128088408d0882b3696dc800fe0221009b02d1586ead773b107cc0bf16562346df46956a7e323ef3d2caa1e5718c63da:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• 西软云XMS /FoxhisFileServer/action 文件读取漏洞
• 九思OA /jsoa/OfficeServer 文件上传漏洞
• 锐捷EWEB路由器 /ddi/server/dns.php 文件读取漏洞
• 锐捷EWEB路由器 /ddi/server/fileupload.php 文件上传漏洞
• N-central /dms/services/ServerMMS XML 外部实体注入漏洞（CVE-2025-11700）
• POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
• POC CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
• POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
• POC CVE-2024-8852: All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
• POC CVE-2025-51991: XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)
• 亿赛通电子文档安全管理系统 /CDGServer3/dwr/call/plaincall/JLockSeniorDao.findByLockName.dwr SQL 注入漏洞
• MapTiler-Tileserver-php /tileserver.php/x/1/1/1 目录遍历漏洞（CVE-2025-44137）
• POC CVE-2025-31486: Vite server.fs.deny Bypass - Local File Inclusion