Keyword detection not added #2
Comments
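Thanks for the feedback. I did cut a corner here: when the target site is not a WebLogic site at all, this kind of false positive does occur; however, when it really is WebLogic, the detection result is not affected.
The target site is a Windows Server 2008 R2 WebLogic environment.
…--- Original message ---
From: "RabbitMask"<notifications@github.com>
Sent: Monday, September 23, 2019, 11:11 AM
To: "rabbitmask/WeblogicScan"<WeblogicScan@noreply.github.com>;
Cc: "Subscribed"<subscribed@noreply.github.com>;
Subject: Re: [rabbitmask/WeblogicScan] Keyword detection not added (#2)
Thanks for the feedback. I did cut a corner here: when the target site is not a WebLogic site at all, this kind of false positive does occur; however, when it really is WebLogic, the detection result is not affected.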
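Because when I was testing, I found that the site is behind a WAF; when the request is intercepted by the WAF and redirected to another page, the tool also reports that the vulnerability exists.
Thank you very much. A WAF block resulting in a 200 response is indeed possible, so that explains it. In the next version I will also regex-match the response content instead of only checking the status code. Thanks again, bows~
OK ヾ ^_^♪. Once you have made the optimization, I hope you will also post a copy to your blog post; I will go and download it then. Sorry for the trouble.
…--- Original message ---
From: "Funhity"<notifications@github.com>
Sent: Monday, September 23, 2019, 4:16 PM
To: "rabbitmask/WeblogicScan"<WeblogicScan@noreply.github.com>;
Cc: "1154322699"<1154322699@qq.com>;"Comment"<comment@noreply.github.com>;
Subject: Re: [rabbitmask/WeblogicScan] Keyword detection not added (#2)
Because when I was testing, I found that the site is behind a WAF; when the request is intercepted by the WAF and redirected to another page, the tool also reports that the vulnerability exists.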
^_^
I found that the SSRF and CVE-2018-2894 checks only test for status code 200, which causes false positives. I suggest adding a keyword check.
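
The fix discussed in this thread, as an added example that is not part of the thread or of WeblogicScan's code: it compares a status-only check with one that also rejects redirects and requires a keyword in the response body. The `Response` class, the `MARKER` pattern, the URLs and the sample responses are constructed placeholders; the real keywords for these checks are not given on this page.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class Response:
    """Minimal view of an HTTP response after redirects were followed."""
    requested_url: str
    final_url: str
    status: int
    body: str

# Hypothetical placeholder: a string that only the real target page returns.
# The thread does not give the actual keywords, so none are assumed here.
MARKER = re.compile(r"EXAMPLE-PAGE-MARKER", re.IGNORECASE)

def status_only(resp):
    """The check the issue reports: any 200 counts as a hit."""
    return resp.status == 200

def status_and_keyword(resp, marker=MARKER):
    """Require 200, the requested host/path, and the marker; returns (hit, reason)."""
    if resp.status != 200:
        return False, "status %d" % resp.status
    req, fin = urlsplit(resp.requested_url), urlsplit(resp.final_url)
    if (req.netloc, req.path) != (fin.netloc, fin.path):
        return False, "redirected to " + resp.final_url
    if not marker.search(resp.body):
        return False, "200 but marker missing"
    return True, "marker found"

# Constructed sample responses (not captured from any real host).
URL = "http://target.example/checked/path"
SAMPLES = {
    "real page": Response(URL, URL, 200, "<title>EXAMPLE-PAGE-MARKER</title>"),
    "waf redirect": Response(URL, "http://target.example/blocked.html", 200,
                             "<h1>Request blocked</h1>"),
    "catch-all 200": Response(URL, URL, 200, "<h1>Welcome</h1>"),
    "not found": Response(URL, URL, 404, "Not Found"),
}

def compare(samples=SAMPLES):
    """Map sample name -> (status-only verdict, combined verdict, reason)."""
    return {name: (status_only(r), *status_and_keyword(r))
            for name, r in samples.items()}

if __name__ == "__main__":
    for name, (old, new, why) in compare().items():
        print(f"{name:14} status-only={old!s:5} status+keyword={new!s:5} ({why})")
```

The WAF redirect and the catch-all 200 page are the two cases where the status-only check reports a hit and the combined check does not.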