gin-vue-admin-exp

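Introduction

A simple exploitation utility for the gin-vue-admin framework, written as a practice project while learning Go programming.

My abilities are limited and the code is poorly written, so please go easy on me. Guidance and discussion are welcome.

Disclaimer: this tool is for learning and exchange only. Do not use it for anything illegal; I am not responsible for any illegal or malicious use!!!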

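Main features

Background on the related vulnerabilities: http://47.109.35.4/posts/src-gin-vue-admin%E6%94%BB%E5%87%BB%E9%9D%A2/

  1. Front-end bypass
    1. Bypass approach 1: the check only tests whether captchaId and captcha are empty; it does not verify that the captcha is correct
    2. Bypass approach 2: the check only tests whether captchaId and captcha are empty; it does not verify that the captcha is correct
  2. Credential stuffing after the bypass
    1. Username: built-in dictionary, default "admin", "test", "demo", "guest", "test1", "user", "ceshi", "test123", "system", "web", "sys", "admin1"
    2. Password: loaded from the bigpasswdDict.txt file in the root directory
  3. Vulnerability exploitation
    1. Privilege escalation / backdoor exploitation (CNVD-2024-00979)
    2. Reading the system configuration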
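
The first item describes a login check that only tests whether captchaId and captcha are non-empty. As an added example for defenders (not code from this tool or from gin-vue-admin), the Go sketch below puts that weak check beside a server-side verification that compares the answer and consumes the challenge on every attempt; captchaStore, Issue, Verify and weakCheck are hypothetical names, and the in-memory map is an assumption standing in for a real captcha store.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"sync"
)

// captchaStore is a hypothetical in-memory map of captchaId -> expected answer.
type captchaStore struct {
	mu      sync.Mutex
	answers map[string]string
}

func newCaptchaStore() *captchaStore {
	return &captchaStore{answers: make(map[string]string)}
}

// Issue records the answer generated for a captcha challenge.
func (s *captchaStore) Issue(id, answer string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.answers[id] = answer
}

// weakCheck mirrors the flaw described above: it only tests for non-empty fields.
func weakCheck(captchaID, captcha string) bool {
	return captchaID != "" && captcha != ""
}

// Verify compares the submitted answer with the stored one and deletes the
// challenge on every attempt, so one captcha cannot back many login guesses.
func (s *captchaStore) Verify(captchaID, captcha string) bool {
	s.mu.Lock()
	expected, ok := s.answers[captchaID]
	delete(s.answers, captchaID) // single use, pass or fail
	s.mu.Unlock()
	if !ok || captcha == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(expected), []byte(captcha)) == 1
}

func main() {
	s := newCaptchaStore()
	s.Issue("id-1", "48213") // constructed sample challenge
	fmt.Println(weakCheck("id-1", "00000"), s.Verify("id-1", "00000"), s.Verify("id-1", "48213"))
}
```

The third call fails even with the right answer because the failed attempt already consumed the challenge, which is what forces a fresh captcha per login guess.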

Usage

gin-vue-admin-exp.exe -u https://www.baidu.com (check whether the front-end check can be bypassed)
gin-vue-admin-exp.exe -u https://www.baidu.com -x xxxx (use the x-token obtained after credential stuffing to run the exploits)

Build commands

go mod init
go mod tidy
go build -o gin-vue-admin-exp.exe
