Fingerprint submission - [mojarra-jsf] #179

Closed
j4vaovo opened this issue Oct 26, 2023 · 1 comment
j4vaovo commented Oct 26, 2023

Test target

http://27.2.122.181:9090

Fingerprint YAML rule

name: mojarra-jsf
priority: 3
nuclei_tags:
- - mojarra
fingerprint:
- path: /
  request_method: get
  request_headers: {}
  request_data: ''
  status_code: 0
  headers: {}
  keyword:
    - '<input type="hidden" name="javax.faces.ViewState"'
  favicon_hash: []
@github-actions

Verification process:

URL: http://27.2.122.181:9090/
HEADERS:
server: Apache-Coyote/1.1
x-powered-by: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
set-cookie: JSESSIONID=9B73D7E605D6CF2B0F5EA40CB983B9E1; Path=/
etag: W/"88-1657623822000"
last-modified: Tue, 12 Jul 2022 11:03:42 GMT
content-type: text/html;charset=ISO-8859-1
content-length: 125
date: Thu, 26 Oct 2023 12:39:24 GMT
COOKIES:
JSESSIONID=9B73D7E605D6CF2B0F5EA40CB983B9E1; Path=/
STATUS_CODE: 200
TEXT:
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="refresh" content="0; url=dashboard.seam"/></head></html>

FAVICON: {
    "http://27.2.122.181:9090/favicon.ico": "a56c7533dc0332ae296adb8092370d7e",
}
NEXT_URL: http://27.2.122.181:9090/DashBoard.seam
URL: http://27.2.122.181:9090/DashBoard.seam
HEADERS:
server: Apache-Coyote/1.1
x-powered-by: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
set-cookie: JSESSIONID=373CC7D96C9CE742B48406524FBCFF9A; Path=/
location: http://27.2.122.181:9090/login.seam;jsessionid=373CC7D96C9CE742B48406524FBCFF9A?cid=282
content-length: 0
date: Thu, 26 Oct 2023 12:39:25 GMT
COOKIES:
JSESSIONID=373CC7D96C9CE742B48406524FBCFF9A; Path=/
STATUS_CODE: 302
TEXT:

FAVICON: {
    "http://27.2.122.181:9090/favicon.ico": "a56c7533dc0332ae296adb8092370d7e",
}
NEXT_URL: http://27.2.122.181:9090/login.seam;jsessionid=373CC7D96C9CE742B48406524FBCFF9A?cid=282
URL: http://27.2.122.181:9090/login.seam;jsessionid=373CC7D96C9CE742B48406524FBCFF9A
HEADERS:
server: Apache-Coyote/1.1
x-powered-by: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
content-type: text/html;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Oct 2023 12:39:25 GMT
COOKIES:
STATUS_CODE: 200
TEXT:
<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd" >

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<script src="/a4j/g/3_3_1.ga/org/ajax4jsf/framework.pack.js" type="text/javascript"></script><script src="/a4j/g/3_3_1.ga/org/richfaces/ui.pack.js" type="text/javascript"></script><link class="component" href="/a4j/s/3_3_1.ga/org/richfaces/skin.xcss/datb/eae7ff3hutdlm6qbggse-a__;jsessionid=373cc7d96c9ce742b48406524fbcff9a" rel="stylesheet" type="text/css" /><script id="org.ajax4jsf.queue_script" type="text/javascript">if (typeof a4j != 'undefined') { if (a4j.ajax) { with (a4j.ajax) {if (!eventqueue.getqueue('org.richfaces.queue.global')) { eventqueue.addqueue(new eventqueue('org.richfaces.queue.global',null,null)) };}}};</script><link class="user" href="/a4j/s/3_3_1.gastylesheet/theme.xcss/datb/eae7ff3hutdlm6qbggse-a__;jsessionid=373cc7d96c9ce742b48406524fbcff9a" rel="stylesheet" type="text/css" /><link class="user" href="/stylesheet/theme.css;jsessionid=373cc7d96c9ce742b48406524fbcff9a" rel="stylesheet" type="text/css" /><link class="user" href="/css/bootstrap.css;jsessionid=373cc7d96c9ce742b48406524fbcff9a" rel="stylesheet" type="text/css" /><link class="user" href="/2.1/css/login.css;jsessionid=373cc7d96c9ce742b48406524fbcff9a" rel="stylesheet" type="text/css" /><script src="/2.1/js/jquery2.1.4.js;jsessionid=373cc7d96c9ce742b48406524fbcff9a" type="text/javascript"></script><script src="/2.1/js/login.js;jsessionid=373cc7d96c9ce742b48406524fbcff9a" type="text/javascript"></script><meta http-equiv="content-type" content="text/html; charset=utf-8" />
		<title>crmviet</title>
		<!--    <link rel="shortcut icon" href="/favicon.ico" />  duykt: doi logo moi -->
		<link rel="shortcut icon" href="/img/logocrm1.png" />
	
	    <!-- 2.1 style -->
	  
	</head>
	<body>
	<div style="background: url(img/bg.png) no-repeat center; background-size: cover; width: 100%;">
	<div style="width: 100%; height: 30px">
	<div style="float: left; width: 79%; padding-top: 4px;"><img src="img/crmviet-logo-login.png" width="170" style="margin-top: 10px; margin-left: 15px;" />
	</div>
	</div>
	<div style="width: 100%; height: 375px;">
	<table width="100%" style="height: 100%; position: relative; border-spacing: 0px; float: left; bottom: 13px;">
		<tr>
			<td style="position: relative;">
<form id="formlogin" name="formlogin" method="post" action="/login.seam;jsessionid=373cc7d96c9ce742b48406524fbcff9a" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="formlogin" value="formlogin" />
<table style="padding: 100px 40px 0px 250px; margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td class="namelogin">
					<img src="img/iconuser.png" style="margin-top : 15px; margin-left : 15px;" /></td>
<td class="value"><input id="formlogin:username" type="text" name="formlogin:username" class="form-control" style="width:195px; height : 30px; font-size: 14px; background-image : none;          vertical-align: middle; margin-bottom: 10px; margin-top : 8px;" /></td>
</tr>
<tr>
<td class="namelogin">
						<img src="img/iconpassword.png" style="margin-left : 15px; margin-top : 5px;" /></td>
<td class="value"><input id="formlogin:password" type="password" name="formlogin:password" value="" style="width:195px; height : 30px; font-size: 14px; background-image : none;          vertical-align: middle; margin-bottom: 10px;" class="form-control" /></td>
</tr>
<tr>
<td class="namelogin">
						<img src="img/multi_lang.jpg" style="margin-left : 15px; margin-top : 5px; height: 25px; width: 30px" /></td>
<td class="value"><select name="formlogin:j_id14" class="form-control" size="1" style="width: 195px; height : 30px; font-size: 14px;">	<option value="1">vi&#7879;t nam</option>
	<option value="2">english</option>
</select></td>
</tr>
<tr>
<td class="namelogin">
					<p></p></td>
<td class="value"><input id="formlogin:submit" type="image" src="img/btlogin.png;jsessionid=373cc7d96c9ce742b48406524fbcff9a" name="formlogin:submit" style="margin-left: 59px;" /></td>
</tr>
<tr>
<td class="namelogin">
					<p></p></td>
<td class="value"><ul id="formlogin:messages" class="message"><li class="warnmsg">	please log in first </li></ul></td>
</tr>
</tbody>
</table>
<input type="hidden" name="javax.faces.viewstate" id="javax.faces.viewstate" value="j_id1" />
</form></td>
			<td width="121px" align="left" valign="bottom" style="vertical-align: bottom;">
			<div style="position: relative; float: left; height: 64px; width: 121px; background: #fff200; text-align: center; color: rgb(12, 134, 246);">
			<a href="http://crmviet.vn/huong-dan-su-dung-phan-mem-quan-ly-khach-hang-crmviet" style="position: relative; top: 25px;" target="_blank">help</a></div>
			</td>
			<td width="75px" align="left" valign="bottom" style="vertical-align: bottom;">
			<div style="position: relative; float: left; height: 328px; width: 75px; background: #00b2e0; color: white; text-align: center;"><span style="position : relative; top : 100px; font-size : 14px;">xin ch&agrave;o</span></div>
			</td>
			<td width="46px" align="right" valign="bottom" style="vertical-align: bottom;">
			<div style="float: right; height: 210px; width: 46px; background: #e0131b; text-align: center;"></div>
			</td>
		</tr>
	</table>
	</div>
	</div>
	<div class="footer" style="position: relative; top: -14px; margin-bottom: 0px; border: 0px solid #cecece; background-color: #cecece; width: 100%; height: 50px; text-align: center;">
	<p style="position: relative; font-size: 14px;">customer relationship management software. <a href="http://crmviet.vn" target="_blank"><img src="/img/crmvietnew.png;jsessionid=373cc7d96c9ce742b48406524fbcff9a" alt="logo" height="15" width="50" /></a></p>
	<p style="font-size: 13px;position:relative;top:-10px;"><a href="/aboutus.seam;jsessionid=373cc7d96c9ce742b48406524fbcff9a?cid=282" id="j_id26" target="_blank">help</a>
				 - hotline: 024 7300 4666</p>
	</div>
	<div style="clear: both"></div>
	</body>
	</html>
FAVICON: {
    "http://27.2.122.181:9090/favicon.ico": "a56c7533dc0332ae296adb8092370d7e",
    "http://27.2.122.181:9090/img/logoCRM1.png": "92f96f958c04c5e1ac9e6d13acd31b93",
}
Matching fingerprintV3WebFingerPrint {
    name: "mojarra-jsf",
    priority: 3,
    request: WebFingerPrintRequest {
        path: "/",
        request_method: "get",
        request_headers: {},
        request_data: "",
    },
    match_rules: WebFingerPrintMatch {
        status_code: 0,
        favicon_hash: [],
        headers: {},
        keyword: [
            "<input type=\"hidden\" name=\"javax.faces.ViewState\"",
        ],
    },
}

Verification result:

  • Identified successfully: true

@github-actions github-actions bot added the Verified 已经验证 label Oct 26, 2023
@j4vaovo j4vaovo closed this as completed Oct 26, 2023