Vulnerability detection
In development
GET
/api/SecWork/vul/exploit
Request parameters
Authorization
Add the following parameter to the request header (it is the endpoint's only authentication; keep it out of URLs and logs):
Token
Example:
Token: ********************
Query parameters
All four are optional strings. The page does not state the encoding, but every documented example value is standard base64 of the UTF-8 plaintext with padding kept, and decodes as shown; treat that as inferred from the examples.
model    string  optional  example: Y21z  (decodes to "cms")
product  string  optional  example: QXNwQ01T  (decodes to "AspCMS")
vul      string  optional  example: QXNwQ01TIGNvbW1lbnRMaXN0LmFzcCBTUUzms6jlhaU=  (decodes to "AspCMS commentList.asp SQL注入", i.e. "AspCMS commentList.asp SQL injection")
url      string  optional  example: aHR0cHM6Ly9hcGkuYmlyZHkwMi5jb20v  (decodes to "https://api.birdy02.com/"; the target the probe request is sent to, compare data.request.url in the response example)
Sample code
Request example (curl). The generated example sent `--header 'Token;'`, which in curl means an empty Token header and would not authenticate; the value is replaced with a placeholder. Note that the `=` padding of the vul value is sent bare here; percent-encode it as %3D if your client or proxy is strict about query syntax.
curl --location --request GET 'https://api.birdy02.com:8443/api/SecWork/vul/exploit?model=Y21z&product=QXNwQ01T&vul=QXNwQ01TIGNvbW1lbnRMaXN0LmFzcCBTUUzms6jlhaU=&url=aHR0cHM6Ly9hcGkuYmlyZHkwMi5jb20v' \
--header 'Token: <your token>'
Response
🟢 200 Success
application/json
Body (field, type, required; indentation shows nesting, annotations are inferred from the example below, the page itself gives none)
  success        boolean        required
  code           integer        required  the API's own status (200 in the example; the target's status is data.response.code)
  data           object         required
    isVul        boolean        required  whether the target was found vulnerable
    product      string         required  product checked
    vName        string         required  vulnerability name
    vType        string         required  vulnerability type
    vId          array[string]  required  identifier list, empty in the example
    level        string         required  severity
    vDesc        string         required  description
    link         string         required  reference link
    version      string         required
    note         string         required
    search       object         required  fingerprint queries keyed by search engine (the example carries a FOFA query)
    fix          array[string]  required  remediation steps
    request      object         required  the probe request sent to the target (url, method, header, body)
    response     object         required  the target's raw response (code, url, header, body as a string, time)
    timer        string         required
  msg            string         required
  timer          string         required
Example
{
"success": true,
"code": 200,
"data": {
"isVul": false,
"product": "IIS",
"vName": "IIS short filename enumeration",
"vType": "parsing vulnerability",
"vId": [],
"level": "medium",
"vDesc": "Internet Information Services (IIS) is the set of basic Internet services Microsoft provides for Microsoft Windows. Microsoft IIS has a file enumeration flaw in its implementation: an attacker can use it to enumerate files in the web server's root directory. Impact: using the \"~\" character, an attacker can guess or walk the file names on the server, or mount a denial-of-service attack against the .NET Framework on the IIS server. An attacker can use this flaw to learn the names of files stored under the web server and so gather more information for breaking into it.",
"link": "https://www.birdy02.com/2024/10/02/8a0d92a9-68ef-47cf-b556-0e893063dac3",
"version": "",
"note": "",
"search": {
"FOFA": "app=\"IIS\""
},
"fix": [
"Disable NTFS 8.3 short file name support. It is enabled by default, and most users do not need it.",
"Copy the contents of the web folder to another location, e.g. D:\\www to D:\\www.back, delete the original D:\\www, then rename D:\\www.back to D:\\www. Without this copy, the short file names that already exist do not disappear."
],
"request": {
"url": "https://api.birdy02.com/ttt*~1*/a.aspx",
"method": "GET",
"header": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Accept-Language": "zh-CN,zh;q=0.9",
"Cache-Control": "no-cache",
"Client-Ip": "101.252.67.142",
"Connection": "keep-alive",
"Cookie": "rememberMe=me",
"Host": "api.birdy02.com",
"Pragma": "no-cache",
"Referer": "https://api.birdy02.com/ttt*~1*/a.aspx",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0",
"X-Forwarded-For": "101.252.67.142",
"X-Originating-Ip": "101.252.67.142",
"X-Remote-Addr": "101.252.67.142",
"X-Remote-Ip": "101.252.67.142"
},
"body": ""
},
"response": {
"code": 200,
"url": "https://api.birdy02.com/ttt*~1*/a.aspx",
"header": {
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Headers": "*",
"Access-Control-Allow-Methods": "POST, GET, OPTIONS",
"Access-Control-Allow-Origin": "*",
"Access-Control-Max-Age": "86400",
"Connection": "keep-alive",
"Content-Length": "97",
"Content-Type": "application/json; charset=utf-8",
"Date": "Mon, 28 Oct 2024 03:35:37 GMT",
"Samesite": "Secure",
"Server": "openresty",
"Set-Cookie": "session=b18c0500367b61ac7d660f1512d6a1e7; Path=/; Max-Age=3600",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"X-Cache": "MISS",
"X-Content-Type-Options": "nosniff",
"X-Dns-Prefetch-Control": "off",
"X-Download-Options": "noopen",
"X-Frame-Options": "DENY",
"X-Permitted-Cross-Domain-Policies": "master-only",
"X-Xss-Protection": "1;mode=block"
},
"body": "{\"success\":true,\"code\":403,\"data\":null,\"msg\":\"Unauthorized Access\",\"timer\":\"2024-10-28 11:35:37\"}",
"time": "0"
},
"timer": "2024-10-28 11:35:37"
},
"msg": "Response Success",
"timer": "2024-10-28 11:35:37"
}
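A small client for this endpoint, written for this page as an added example; it is not the project's own code or SDK. It serves both the request side (the query parameters and the curl example above) and the response side (the 200 body above): it reproduces the four documented example values from their plaintext, which confirms that the parameters are plain base64 of the UTF-8 text with padding kept, builds the request URL, and reduces a 200 response (a trimmed copy of the example above, embedded as constructed sample input) to the fields a scanning pipeline keys on. The field names are the page's; the function names, the `Accept` header and the 30-second timeout are this example's own choices, and `check` is the only function that touches the network.

```python
"""Client helpers for GET /api/SecWork/vul/exploit.

Added example, not the project's own code. Query parameters are sent as
standard base64 of the UTF-8 plaintext (inferred from the page's example
values and checked against them below). The Token header is the only
authentication, so keep it out of URLs and logs.
"""
import base64
import json
import urllib.parse
import urllib.request

# Taken from the page's own parameter examples: plaintext -> documented value.
PAGE_EXAMPLES = {
    "model": ("cms", "Y21z"),
    "product": ("AspCMS", "QXNwQ01T"),
    "vul": ("AspCMS commentList.asp SQL注入",
            "QXNwQ01TIGNvbW1lbnRMaXN0LmFzcCBTUUzms6jlhaU="),
    "url": ("https://api.birdy02.com/", "aHR0cHM6Ly9hcGkuYmlyZHkwMi5jb20v"),
}


def encode_param(value: str) -> str:
    """Standard base64 (padding kept) of the UTF-8 bytes."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def decode_param(value: str) -> str:
    """Inverse of encode_param. Base64 is encoding, not secrecy."""
    return base64.b64decode(value).decode("utf-8")


def build_query(model: str, product: str, vul: str, target_url: str) -> dict:
    """The four query parameters in their on-the-wire (encoded) form."""
    return {"model": encode_param(model), "product": encode_param(product),
            "vul": encode_param(vul), "url": encode_param(target_url)}


def build_url(base: str, model: str, product: str, vul: str, target_url: str) -> str:
    """Full request URL. urlencode percent-escapes the '=' padding (%3D);
    the page's curl example sends it bare, which most servers also accept."""
    query = urllib.parse.urlencode(build_query(model, product, vul, target_url))
    return base.rstrip("/") + "/api/SecWork/vul/exploit?" + query


def summarize(resp: dict) -> dict:
    """Reduce a 200 response to the fields a scan pipeline keys on.

    The API's own success/code are checked first, so a failed call raises
    instead of surfacing as a KeyError on data. data.response.body is the
    *target's* raw body as a string (JSON in the page's example, HTML on
    most hosts), so it is parsed defensively and left as None if not JSON.
    """
    if not resp.get("success") or resp.get("code") != 200:
        raise ValueError(f"API call failed: code={resp.get('code')} msg={resp.get('msg')}")
    data = resp["data"]
    probe = data.get("response") or {}
    try:
        target_body = json.loads(probe.get("body") or "")
    except ValueError:
        target_body = None
    return {
        "is_vul": bool(data["isVul"]),
        "product": data["product"],
        "name": data["vName"],
        "level": data["level"],
        "probe_url": (data.get("request") or {}).get("url"),
        "probe_status": probe.get("code"),
        "target_body": target_body,
        "fix": list(data.get("fix") or []),
    }


def check(base: str, token: str, model: str, product: str, vul: str,
          target_url: str, timeout: float = 30.0) -> dict:
    """Live call. The service issues its probe request to target_url on
    your behalf, so point it only at hosts you are authorised to test."""
    req = urllib.request.Request(
        build_url(base, model, product, vul, target_url),
        headers={"Token": token, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return summarize(json.load(r))


# Constructed sample input: a trimmed copy of the page's 200 example.
SAMPLE_RESPONSE = {
    "success": True, "code": 200, "msg": "Response Success",
    "data": {
        "isVul": False, "product": "IIS", "vName": "IIS short filename enumeration",
        "vType": "parsing vulnerability", "vId": [], "level": "medium",
        "fix": ["Disable NTFS 8.3 short file name support."],
        "request": {"url": "https://api.birdy02.com/ttt*~1*/a.aspx", "method": "GET"},
        "response": {"code": 200, "url": "https://api.birdy02.com/ttt*~1*/a.aspx",
                     "body": '{"success":true,"code":403,"data":null,"msg":"Unauthorized Access"}'}}}

if __name__ == "__main__":
    for name, (plain, documented) in PAGE_EXAMPLES.items():
        assert encode_param(plain) == documented, name
    print(build_url("https://api.birdy02.com:8443", "cms", "AspCMS",
                    PAGE_EXAMPLES["vul"][0], "https://api.birdy02.com/"))
    print(json.dumps(summarize(SAMPLE_RESPONSE), indent=2, ensure_ascii=False))
```

Two practical points. Base64 hides nothing, so anyone who can read the URL (proxies, access logs, browser history) can see which host and which check were requested; the only secret in the exchange is the Token header. And the API's own `code` is checked before `data` is read, because a 400 from the endpoint (listed further down without a body schema) carries no `data` to parse.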
🟠 400 Request failed
Last modified 2024-11-14 09:26:19