While scanning a Spring application for vulnerabilities with the xray crawler, I found that the scan requests do not carry the original Accept header, so the page is returned with the wrong content type and the vulnerability cannot be identified.

xray webscan --plugins cmd-injection,sqldet --browser-crawler http://127.0.0.1:8090/springboot-spel-rce/

The original request captured by the crawler is:

GET /springboot-spel-rce/article?id=1 HTTP/1.1
Host: 127.0.0.1:8090
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/110.0.5481.96 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip

The packet xray actually sends when scanning is:
Without the Accept header the vulnerability is not correctly identified: the server answers with a 500 error and a JSON response.
With the original Accept header the vulnerability is triggered and identified, and an HTML response is returned.
My guess is that when a request carries no Accept header, the Spring application returns JSON by default.
SQL injection is the same: the Accept header is removed. I have not tested the other basic plugins, but I expect they behave the same way.
This causes many vulnerabilities to go undetected; I hope this can be adjusted soon.
Suggestion:
When scanning, send the headers of the original crawler request, or at least keep the Accept header; only remove or modify headers for scans by specific plugins.