
Commit 8a217ca

committed
add Hard-coded IP
1 parent 3b169cd commit 8a217ca

2 files changed

+35
-0
lines changed

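--- a/rules/CVI-130005.xml
+++ b/rules/CVI-130005.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<cobra document="https://github.com/wufeifei/cobra">
+<name value="硬编码IP"/>
+<language value="*"/>
+<match mode="regex-only-match"><![CDATA[((25[0-5]|2[0-4][0-9]|[01]?[0-9]{2}?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))]]></match>
+<level value="4"/>
+<solution>
+## 安全风险
+硬编码IP
+
+## 修复方案
+移到配置文件中
+</solution>
+<test>
+<case assert="true"><![CDATA[192.168.1.1]]></case>
+<case assert="true"><![CDATA[127.0.0.1]]></case>
+<case assert="true"><![CDATA[103.21.140.84]]></case>
+<case assert="true"><![CDATA[10.11.2.220]]></case>
+<case assert="true"><![CDATA[14.0.0.0]]></case>
+<case assert="true"><![CDATA[192.168.1.1]]></case>
+
+<case assert="false"><![CDATA[1.2.3.4]]></case>
+<case assert="false"><![CDATA[13.11.2]]></case>
+<case assert="false"><![CDATA[3.3.0.1]]></case>
+<case assert="false"><![CDATA[1.0.1.0]]></case>
+<case assert="false"><![CDATA[1.4.16.0]]></case>
+<case assert="false"><![CDATA[1.204.0.0]]></case>
+</test>
+<status value="on"/>
+<author name="Feei" email="[email protected]"/>
+</cobra>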
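Review bot: The first octet of the `<match>` pattern is `[01]?[0-9]{2}?`, unlike the `[01]?[0-9][0-9]?` used for the other three, and `{2}?` is a lazy exact count rather than an optional digit, so an address whose first octet has a single digit is never reported. The `assert="false"` cases `1.2.3.4` and `3.3.0.1` suggest this is meant to keep dotted version strings out of the findings; if so, record it in a comment above `<match>`, for example `<!-- first octet must have 2+ digits so version strings like 1.2.3.4 are not flagged -->`, because it also means real hard-coded addresses with a one-digit first octet go undetected. The pattern is unanchored as well, so it matches inside longer dotted numbers; assuming the engine supports look-arounds, wrapping it as `(?<![0-9.])…(?!\.?[0-9])` and adding a negative case such as `1.10.11.2.220` (constructed) would cut that noise. The `192.168.1.1` positive case appears twice, so one of them could be replaced with a different address form.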

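--- a/tests/vulnerabilities/v.php
+++ b/tests/vulnerabilities/v.php
@@ -9,6 +9,9 @@
 $password = $_POST['password'];
 $callback = $_POST['callback'];
 
+# CVI-130005
+$target = "10.11.2.220";
+
 $cmd = $_REQUEST['a']
 
 print($callback);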
