Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

修改指纹-[ruoyi-system] #181

Closed
j4vaovo opened this issue Oct 31, 2023 · 2 comments
Closed

修改指纹-[ruoyi-system] #181

j4vaovo opened this issue Oct 31, 2023 · 2 comments
Assignees
@cn-kali-team
Labels
Reviewed 已经审核 Verified 已经验证

Comments

@j4vaovo
Copy link
Contributor

j4vaovo commented Oct 31, 2023

测试目标

http://38.6.189.159:8081/

指纹的Yaml规则

name: ruoyi-system
priority: 3
nuclei_tags:
 - - ruoyi
fingerprint:
 - path: /
   request_method: get
   request_headers: {}
   request_data: ''
   status_code: 0
   headers: {}
   keyword:
     - href="/ruoyi/css/ry-ui.css
     - src="/ruoyi/js/ry-ui.js
   favicon_hash: []
 - path: /
   request_method: get
   request_headers: {}
   request_data: ''
   status_code: 0
   headers: {}
   keyword: []
   favicon_hash:
     - e49fd30ea870c7a820464ca56a113e6e
@github-actions GitHub Actions
Copy link

验证过程:

点击展开查看 

URL: �[38;5;10mhttp://38.6.189.159:8081/�[39m
HEADERS:
set-cookie: JSESSIONID=ed808128-f649-4f19-bd32-e33da3e17312; Path=/; HttpOnly; SameSite=lax
location: http://38.6.189.159:8081/login
content-length: 0
date: Tue, 31 Oct 2023 17:24:03 GMT
COOKIES:
JSESSIONID=ed808128-f649-4f19-bd32-e33da3e17312; Path=/; HttpOnly; SameSite=lax
STATUS_CODE: 302
TEXT:

�[38;5;9mFAVICON: {
    "http://38.6.189.159:8081/favicon.ico": "e49fd30ea870c7a820464ca56a113e6e",
}�[39m
NEXT_URL: http://38.6.189.159:8081/login
Matching fingerprintV3WebFingerPrint {
    name: "ruoyi-system",
    priority: 3,
    request: WebFingerPrintRequest {
        path: "/",
        request_method: "get",
        request_headers: {},
        request_data: "",
    },
    match_rules: WebFingerPrintMatch {
        status_code: 0,
        favicon_hash: [
            "e49fd30ea870c7a820464ca56a113e6e",
        ],
        headers: {},
        keyword: [],
    },
}
URL: �[38;5;10mhttp://38.6.189.159:8081/login�[39m
HEADERS:
content-type: text/html;charset=UTF-8
content-language: zh-CN
transfer-encoding: chunked
date: Tue, 31 Oct 2023 17:24:03 GMT
COOKIES:
STATUS_CODE: 200
TEXT:
<!doctype html>
<html lang="zh">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
    <title>登录若依系统</title>
    <meta name="description" content="若依后台管理框架">
    <link href="/css/bootstrap.min.css" rel="stylesheet"/>
    <link href="/css/font-awesome.min.css" rel="stylesheet"/>
    <link href="/css/style.min.css" rel="stylesheet"/>
    <link href="/css/login.min.css" rel="stylesheet"/>
    <link href="/ruoyi/css/ry-ui.css?v=4.7.6" rel="stylesheet"/>
    <!-- 360浏览器急速模式 -->
    <meta name="renderer" content="webkit">
    <!-- 避免ie使用兼容模式 -->
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <link rel="shortcut icon" href="favicon.ico"/>
    <style type="text/css">label.error { position:inherit;  }</style>
    <script>
        if(window.top!==window.self){alert('未登录或登录超时。请重新登录');window.top.location=window.location};
    </script>
</head>
<body class="signin">
    <div class="signinpanel">
        <div class="row">
            <div class="col-sm-7">
                <div class="signin-info">
                    <div class="logopanel m-b">
                        <h1><img alt="[ 若依 ]" src="/ruoyi.png"></h1>
                    </div>
                    <div class="m-b"></div>
                    <h4>欢迎使用 <strong>若依 后台管理系统</strong></h4>
                    <ul class="m-b">
                        <li><i class="fa fa-arrow-circle-o-right m-r-xs"></i> springboot</li>
                        <li><i class="fa fa-arrow-circle-o-right m-r-xs"></i> mybatis</li>
                        <li><i class="fa fa-arrow-circle-o-right m-r-xs"></i> shiro</li>
                        <li><i class="fa fa-arrow-circle-o-right m-r-xs"></i> thymeleaf</li>
                        <li><i class="fa fa-arrow-circle-o-right m-r-xs"></i> bootstrap</li>
                    </ul>
                    
                </div>
            </div>
            <div class="col-sm-5">
                <form id="signupform" autocomplete="off">
                    <h4 class="no-margins">登录:</h4>
                    <p class="m-t-md">你若不离不弃,我必生死相依</p>
                    <input type="text"     name="username" class="form-control uname"     placeholder="用户名" value="admin"    />
                    <input type="password" name="password" class="form-control pword"     placeholder="密码"   value="admin123" />
					
                    <div class="checkbox-custom m-t">
				        <input type="checkbox" id="rememberme" name="rememberme"> <label for="rememberme">记住我</label>
				    </div>
                    <button class="btn btn-success btn-block" id="btnsubmit" data-loading="正在验证登录,请稍候...">登录</button>
                </form>
            </div>
        </div>
        <div class="signup-footer">
            <div class="pull-left">
                copyright © 2018-2023 ruoyi.vip all rights reserved. <br>
            </div>
        </div>
    </div>
<script> var ctx = "\/"; var captchatype = "math"; </script>
<!--[if lte ie 8]><script>window.location.href=ctx+'html/ie.html';</script><![endif]-->
<!-- 全局js -->
<script src="/js/jquery.min.js"></script>
<script src="/ajax/libs/validate/jquery.validate.min.js"></script>
<script src="/ajax/libs/layer/layer.min.js"></script>
<script src="/ajax/libs/blockui/jquery.blockui.js"></script>
<script src="/ruoyi/js/ry-ui.js?v=4.7.6"></script>
<script src="/ruoyi/login.js"></script>
</body>
</html>

�[38;5;9mFAVICON: {
    "http://38.6.189.159:8081/favicon.ico": "e49fd30ea870c7a820464ca56a113e6e",
}�[39m
Matching fingerprintV3WebFingerPrint {
    name: "ruoyi-system",
    priority: 3,
    request: WebFingerPrintRequest {
        path: "/",
        request_method: "get",
        request_headers: {},
        request_data: "",
    },
    match_rules: WebFingerPrintMatch {
        status_code: 0,
        favicon_hash: [],
        headers: {},
        keyword: [
            "href=\"/ruoyi/css/ry-ui.css",
            "src=\"/ruoyi/js/ry-ui.js",
        ],
    },
}
Matching fingerprintV3WebFingerPrint {
    name: "ruoyi-system",
    priority: 3,
    request: WebFingerPrintRequest {
        path: "/",
        request_method: "get",
        request_headers: {},
        request_data: "",
    },
    match_rules: WebFingerPrintMatch {
        status_code: 0,
        favicon_hash: [
            "e49fd30ea870c7a820464ca56a113e6e",
        ],
        headers: {},
        keyword: [],
    },
}

验证结果:

  • 是否识别成功: true

@github-actions github-actions bot added the Verified 已经验证 label Oct 31, 2023
@cn-kali-team cn-kali-team added the Reviewed 已经审核 label Nov 1, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2023

审核通过:

  • 指纹规则已经合并,感谢提交。

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Nov 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cn-kali-team cn-kali-team

Labels
Reviewed 已经审核 Verified 已经验证
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cn-kali-team @j4vaovo