Commit 8a217ca 1 parent 3b169cd commit 8a217ca Copy full SHA for 8a217ca
2 files changed +35
-0
lines changed Original file line number Diff line number Diff line change
1
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
2
+
3
+ <cobra document =" https://github.com/wufeifei/cobra" >
4
+ <name value =" 硬编码IP" />
5
+ <language value =" *" />
6
+ <match mode =" regex-only-match" ><![CDATA[ ((25[0-5]|2[0-4][0-9]|[01]?[0-9]{2}?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))]]> </match >
7
+ <level value =" 4" />
8
+ <solution >
9
+ ## 安全风险
10
+ 硬编码IP
11
+
12
+ ## 修复方案
13
+ 移到配置文件中
14
+ </solution >
15
+ <test >
16
+ <case assert =" true" ><![CDATA[ 192.168.1.1]]> </case >
17
+ <case assert =" true" ><![CDATA[ 127.0.0.1]]> </case >
18
+ <case assert =" true" ><![CDATA[ 103.21.140.84]]> </case >
19
+ <case assert =" true" ><![CDATA[ 10.11.2.220]]> </case >
20
+ <case assert =" true" ><![CDATA[ 14.0.0.0]]> </case >
21
+ <case assert =" true" ><![CDATA[ 192.168.1.1]]> </case >
22
+
23
+ <case assert =" false" ><![CDATA[ 1.2.3.4]]> </case >
24
+ <case assert =" false" ><![CDATA[ 13.11.2]]> </case >
25
+ <case assert =" false" ><![CDATA[ 3.3.0.1]]> </case >
26
+ <case assert =" false" ><![CDATA[ 1.0.1.0]]> </case >
27
+ <case assert =" false" ><![CDATA[ 1.4.16.0]]> </case >
28
+ <case assert =" false" ><![CDATA[ 1.204.0.0]]> </case >
29
+ </test >
30
+ <status value =" on" />
31
+ <
author name =
" Feei" email =
" [email protected] " />
32
+ </cobra >
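Review bot: The pattern in `<match>` has no boundary around the four octets, so it can match inside a longer digit or dotted run (the tail of `999.168.1.1`, the head of `192.168.1.1234`) and report it as a hard-coded IP. If the rule engine accepts lookarounds, wrapping the expression as `(?<![0-9.])( … )(?!\.?[0-9])` would close that. In the first octet, `[01]?[0-9]{2}?` puts a lazy quantifier on a fixed count, which has no effect; `[01]?[0-9]{2}` is equivalent. Single-digit first octets appear to be excluded on purpose, judging by the `1.2.3.4` false case, and a short XML comment saying so would explain the false cases. The `192.168.1.1` true case is listed twice; a negative case for an over-long or out-of-range string would be more useful than the duplicate.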
Original file line number Diff line number Diff line change 9
9
$ password = $ _POST ['password ' ];
10
10
$ callback = $ _POST ['callback ' ];
11
11
12
+ # CVI-130005
13
+ $ target = "10.11.2.220 " ;
14
+
12
15
$ cmd = $ _REQUEST ['a ' ]
13
16
14
17
print ($ callback );
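Review bot: The added comment `# CVI-130005` gives only a rule number, and the rule file shown in this commit carries no visible id, so a reader of the fixture cannot tell which finding the `$target` line is meant to trigger. Something like `# CVI-130005: hard-coded IP, expected to be reported` would make the sample self-explanatory. The file starts and continues outside the visible hunk.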