Skip to content

[pull] master from Mr-xn:master #513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pull wants to merge 121 commits into
base: master
Choose a base branch
from
Open

[pull] master from Mr-xn:master #513

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
121 commits
Select commit Hold shift + click to select a range
2415054
Update update_readme.py
Mr-xn Feb 27, 2026
9238172
docs: 更新 2 篇文章 - 九佳易管理系统 picHY.ashx SQL 注入漏洞 | 大蚂蚁 (BigAnt) 即时通讯系统 安装…
github-actions[bot] Feb 27, 2026
9f715b5
docs: 更新 1 篇文章 - 青龙面板最新版v2.20.1 鉴权绕过致RCE [skip ci]
github-actions[bot] Feb 27, 2026
bde24c2
docs: 更新 1 篇文章 - 大蚂蚁 (BigAnt) 即时通讯系统 moveDept SQL注入漏洞 [skip ci]
github-actions[bot] Feb 27, 2026
4011e68
Create security audit report for Qinglong v2.20.1
Mr-xn Feb 27, 2026
fc5cc5c
Add files via upload
Mr-xn Feb 27, 2026
194bc49
add qinglong-auth-bypass2rce/青龙(qinglong)面板权限绕过致未授权远程代码执行(RCE)漏洞分析复现
Mr-xn Feb 27, 2026
d484232
add 青龙(qinglong)面板权限绕过致未授权远程代码执行(RCE)漏洞分析复现
Mr-xn Feb 27, 2026
cdafdd0
docs: 更新 1 篇文章 - 九佳易管理系统 Ajax_XT.ashx SQL 注入漏洞 [skip ci]
github-actions[bot] Feb 28, 2026
3393578
docs: 更新 1 篇文章 - 九佳易管理系统 PrivilegedCodeDestroy.asmx SQL注入漏洞 [skip ci]
github-actions[bot] Mar 1, 2026
ae435b9
docs: 更新 1 篇文章 - 大蚂蚁 (BigAnt) 即时通讯系统 updateLoginName SQL注入漏洞 [skip ci]
github-actions[bot] Mar 1, 2026
54556b7
docs: 更新 1 篇文章 - 深信服运维安全管理系统 change_net 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 2, 2026
1094eb2
docs: 更新 1 篇文章 - 深信服运维安全管理系统 del_net 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 3, 2026
7b230d0
docs: 更新 1 篇文章 - 深信服运维安全管理系统 del_route 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 4, 2026
2e4df8c
docs: 更新 1 篇文章 - 深信服运维安全管理系统 getLdap 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 6, 2026
4c23abe
Initial plan
Copilot Mar 6, 2026
7f075b9
reorganize: create iot/, web/, privesc/, pc/ dirs and move loose md f…
Copilot Mar 6, 2026
934a4a3
Merge pull request #31 from Mr-xn/copilot/organize-project-structure
Mr-xn Mar 6, 2026
755cfa8
docs: 更新 1 篇文章 - 深信服运维安全管理系统 save_SNMP 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 7, 2026
e2dbf8f
docs: 更新 1 篇文章 - 深信服运维安全管理系统 csspost/update 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 8, 2026
cef004a
docs: 更新 1 篇文章 - 深信服运维安全管理系统 upload_file 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 9, 2026
57e4046
docs: 更新 1 篇文章 - 深信服运维安全管理系统 del_patch 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 10, 2026
2f63804
docs: 更新 1 篇文章 - 深信服运维安全管理系统 install_patch 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 11, 2026
3d1fe2e
docs: 更新 1 篇文章 - 深信服运维安全管理系统 remote_get_clip_img 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 12, 2026
7fb1684
docs: 更新 1 篇文章 - 深信服运维安全管理系统 uninstall_patch 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 13, 2026
1ba9995
docs: 更新 1 篇文章 - 深信服运维安全管理系统 get_clip_img 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 14, 2026
31ac4c3
docs: 更新 1 篇文章 - 深信服运维安全管理系统 down_load 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 15, 2026
bbaaa4c
docs: 更新 1 篇文章 - 深信服运维安全管理系统 port_validate 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 16, 2026
f71acca
Initial plan
Copilot Mar 16, 2026
94aa543
Add Webpack_extract to README tools section near Webpackfind
Copilot Mar 16, 2026
2805981
Merge pull request #32 from Mr-xn/copilot/update-readme-for-webpack-e…
Mr-xn Mar 16, 2026
4ad78ef
Bump pyopenssl from 19.0 to 26.0.0 in /BlueKeep
dependabot[bot] Mar 16, 2026
b506108
docs: 更新 1 篇文章 - 深信服运维安全管理系统 save_strategy 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 17, 2026
a56eee7
Initial plan
Copilot Mar 17, 2026
2829884
docs: add NX_Firmware to README IOT section
Copilot Mar 17, 2026
b8c255b
Merge pull request #34 from Mr-xn/copilot/add-description-to-readme
Mr-xn Mar 17, 2026
8ae14d6
Merge pull request #33 from Mr-xn/dependabot/pip/BlueKeep/pyopenssl-2…
Mr-xn Mar 17, 2026
3d96ed1
docs: 更新 1 篇文章 - 深信服运维安全管理系统 generate_certificate 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 18, 2026
477925e
docs: 更新 1 篇文章 - 深信服运维安全管理系统 update_date 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 19, 2026
c7ed81b
Add Wireshark-MCP to tools section (#35)
Copilot Mar 19, 2026
99e3141
docs: 更新 1 篇文章 - 深信服运维安全管理系统 upload_CN 远程命令执行漏洞 [skip ci]
github-actions[bot] Mar 20, 2026
8609539
Add ByPassTamperPlus to README.md (#36)
Copilot Mar 20, 2026
a03ac05
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 ChooseLineAndRes.ashx SQL 注入漏洞 [skip ci]
github-actions[bot] Mar 22, 2026
eca771d
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 /Handler/SMTLoadingMaterial.ashx SQL注…
github-actions[bot] Mar 23, 2026
13723b6
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 EquipmentTree.ashx SQL注入漏洞 [skip ci]
github-actions[bot] Mar 24, 2026
91b5bf6
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 UploadPortraits.ashx 文件上传漏洞 [skip ci]
github-actions[bot] Mar 24, 2026
45eb8b1
Add DarkSword iOS exploit repositories to README (#37)
Copilot Mar 24, 2026
80c4af8
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 /Handler/FileSync.ashx 任意文件读取/上传/删除/S…
github-actions[bot] Mar 25, 2026
0b33df2
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 DownLoad.aspx 任意文件读取漏洞 [skip ci]
github-actions[bot] Mar 26, 2026
d7688b3
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 /Handler/MobileAppLogin.ashx SQL注入漏洞 …
github-actions[bot] Mar 26, 2026
575f274
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 PrintUpdate.ashx 任意文件读取/上传/删除漏洞 [skip…
github-actions[bot] Mar 27, 2026
797e3b6
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 TestManagePlatform.ashx SQL注入漏洞 [skip…
github-actions[bot] Mar 28, 2026
8e29dd9
Add ProcIR Windows incident response tool to README (#40)
Copilot Mar 28, 2026
f05665b
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 UploadHander.ashx 文件上传漏洞 [skip ci]
github-actions[bot] Mar 29, 2026
b712c5a
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 CreateMenus.aspx 任意文件上传漏洞 [skip ci]
github-actions[bot] Mar 31, 2026
21e4ead
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 AutoComplete.ashx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 1, 2026
e420c21
Add trajan CI/CD pipeline security scanner to tools section in README…
Copilot Apr 2, 2026
c6fd742
Add clawgod to tools section in README (#42)
Copilot Apr 2, 2026
9a6e8fb
Add Payloader to tools section in README (#43)
Copilot Apr 2, 2026
e0f4448
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 ChooseImage.aspx 任意文件上传/删除漏洞 [skip ci]
github-actions[bot] Apr 2, 2026
374fd13
Add vphone-aio to IOT Device & Mobile Phone section (#44)
Copilot Apr 3, 2026
f4e909e
docs: 更新 1 篇文章 - 深科特 LEAN MES系统 SetDataSource.aspx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 3, 2026
cceacd8
Add kslkatz_bof link to README tools section (#45)
Copilot Apr 3, 2026
ebad1a9
docs: 更新 1 篇文章 - CLIProxyAPI /v1internal:method 未授权访问漏洞 [skip ci]
github-actions[bot] Apr 3, 2026
feda568
Add Shannon-related security tools to README (#46)
Copilot Apr 6, 2026
4f90735
docs: 更新 1 篇文章 - 孚盟云CRM AjaxTrackInfo.ashx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 6, 2026
36dda05
docs: 更新 1 篇文章 - 孚盟云CRM DingHandler.ashx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 7, 2026
7b64bc1
Add Podroid to IOT Device & Mobile Phone section in README (#47)
Copilot Apr 7, 2026
688b8b4
docs: 更新 1 篇文章 - 孚盟云CRM PriceList.ashx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 8, 2026
387ee9a
docs: 更新 1 篇文章 - 孚盟云CRM WorkFlowHandler.ashx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 9, 2026
51bb3d9
docs: 更新 1 篇文章 - 孚盟云CRM AddInquiry.aspx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 10, 2026
8843313
docs: 更新 1 篇文章 - 孚盟云CRM OrderLook.aspx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 11, 2026
b93fdde
Add Rockxy HTTP debugging proxy tool to README tools section (#48)
Copilot Apr 11, 2026
273a067
Add ysogate link to README near ysomap entry (#49)
Copilot Apr 11, 2026
4c30648
Add SysWhispers4 link to README near SysWhispers3 entry (#50)
Copilot Apr 11, 2026
3c5af3e
docs: 更新 1 篇文章 - 孚盟云CRM FormDefault.aspx、FormDefaultCommon.aspx 多处SQL…
github-actions[bot] Apr 12, 2026
cba3136
docs: 更新 1 篇文章 - 天地伟业Easy7 queryRoomName SQL注入漏洞 [skip ci]
github-actions[bot] Apr 14, 2026
c9c71ce
docs: 更新 1 篇文章 - 天地伟业Easy7 queryRoomConfigs SQL注入漏洞 [skip ci]
github-actions[bot] Apr 15, 2026
213bb5c
Add nano-analyzer and Tomcat JMX→RCE resources to README (#51)
Copilot Apr 15, 2026
e23ed5b
Add anything-analyzer to tools section in README (#52)
Copilot Apr 15, 2026
2dfb62b
docs: 更新 1 篇文章 - 天地伟业Easy7 UploadOwnerImage.jsp 文件上传漏洞 [skip ci]
github-actions[bot] Apr 16, 2026
582a972
docs: 更新 1 篇文章 - mdserver-web(夸父面板)≤0.18.4 多处未授权访问 + 信息泄露 + RCE 漏洞分析 …
github-actions[bot] Apr 16, 2026
cb89622
Add RedSun Windows Defender privilege escalation link to README (#53)
Copilot Apr 17, 2026
d6cb39a
docs: 更新 1 篇文章 - 天地伟业Easy7 GetOtherDomainServer.jsp SSRF漏洞 [skip ci]
github-actions[bot] Apr 17, 2026
0d086bd
docs: 更新 1 篇文章 - 天地伟业Easy7 getInquestIdByRoomId SQL注入漏洞 [skip ci]
github-actions[bot] Apr 18, 2026
cbaa44a
docs: 补充 CVE-2026-0827 和 BlueSAM 到 README (#54)
Copilot Apr 18, 2026
af1242f
Add link to ultimate code audit checklist
Mr-xn Apr 18, 2026
99c6ce6
Add raptor to tools section in README (#55)
Copilot Apr 19, 2026
d1d9dfa
docs: 更新 1 篇文章 - 天地伟业Easy7 getInquestRoomChannelInfo SQL注入漏洞 [skip ci]
github-actions[bot] Apr 19, 2026
a94ecb7
docs: 更新 1 篇文章 - V2Board 信息泄露漏洞至权限绕过接管账户(CVE-2026-39912)分析复现 [skip ci]
github-actions[bot] Apr 20, 2026
6568d59
Add UnDefend Windows Defender DOS tool to README after RedSun entry (…
Copilot Apr 20, 2026
d68b23a
docs: 更新 1 篇文章 - 天地伟业Easy7 isHashCameraAuth SQL注入漏洞 [skip ci]
github-actions[bot] Apr 21, 2026
b530c68
docs: 更新 1 篇文章 - 天地伟业Easy7 getConfigInfoList SQL注入漏洞 [skip ci]
github-actions[bot] Apr 22, 2026
3ba9403
docs: 更新 1 篇文章 - 天地伟业Easy7 capture 命令执行漏洞 [skip ci]
github-actions[bot] Apr 23, 2026
abc6deb
docs: 更新 1 篇文章 - 天地伟业Easy7 uploadLedImage 文件上传漏洞 [skip ci]
github-actions[bot] Apr 24, 2026
3aa177c
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/file/delete 文件删除漏洞 [skip ci]
github-actions[bot] Apr 25, 2026
bba9ddc
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/file/downloadFile 文件读取漏洞 [skip…
github-actions[bot] Apr 26, 2026
4080414
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/file/uploadIdsHttpFile SSRF+文件…
github-actions[bot] Apr 27, 2026
9dc3e13
docs: 更新 1 篇文章 - 孚盟云CRM CustomizeReportSelectMould.aspx SQL注入漏洞 [skip…
github-actions[bot] Apr 28, 2026
0451098
docs: 更新 1 篇文章 - 孚盟云CRM ClientNameCard.aspx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 29, 2026
eb74e0c
docs: 更新 1 篇文章 - 孚盟云CRM BusinessPrice.aspx SQL注入漏洞 [skip ci]
github-actions[bot] Apr 30, 2026
e0a901b
Add Java Ghost Bits (Black Hat Asia 2026) links to IOT section (#57)
Copilot Apr 30, 2026
46e8295
add Asia-26-Bai-Cast-Attack-Ghost-Bits-4.23.pdf
Mr-xn Apr 30, 2026
db611dc
docs: 更新 1 篇文章 - 孚盟云CRM BusinessPriceListList.aspx SQL注入漏洞 [skip ci]
github-actions[bot] May 1, 2026
793ee17
docs: add GBitsTools, GbitsGen, ghost-bits-lab, BLACKHAT_Asia2026 to …
Copilot May 1, 2026
7000601
docs: add Pentest-Swarm-AI to README tools section (#59)
Copilot May 3, 2026
806f647
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/file/uploadFile 文件上传漏洞 [skip ci]
github-actions[bot] May 6, 2026
bff8f1f
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/file/deleteFile 文件删除漏洞 [skip ci]
github-actions[bot] May 7, 2026
4622982
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/file/download 文件读取漏洞 [skip ci]
github-actions[bot] May 8, 2026
80cab04
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/user/getAuthorityByUserId SQL注…
github-actions[bot] May 9, 2026
d25071d
Add Dirty Frag to the Linux privilege escalation section in README (#60)
Copilot May 9, 2026
881fc93
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/user/IsPermissible SQL注入漏洞 [sk…
github-actions[bot] May 10, 2026
dc14de9
docs: 更新 1 篇文章 - 天地伟业Easy7 /Easy7/rest/user/getAuthorityByUserId SQL注…
github-actions[bot] May 11, 2026
82a8f01
docs: 更新 1 篇文章 - 孚盟云CRM BusinessPriceOk.aspx SQL注入漏洞 [skip ci]
github-actions[bot] May 12, 2026
f13cf8e
docs: 更新 1 篇文章 - 孚盟云CRM BusinessPriceReport.aspx SQL注入漏洞 [skip ci]
github-actions[bot] May 13, 2026
e420f06
docs: 更新 1 篇文章 - 孚盟云CRM BusiPriceOkPrint.aspx SQL注入漏洞 [skip ci]
github-actions[bot] May 14, 2026
95422f6
docs: Add CVE-2026-34621 (Adobe Acrobat SSRF/JS injection) and CVE-20…
Copilot May 16, 2026
05eeb7c
docs: add zenproxy link to proxy tools list (#63)
Copilot May 17, 2026
12ce4a2
docs: 更新 1 篇文章 - 用友 NC 系统 IMsgCenterWebService SQL注入漏洞 [skip ci]
github-actions[bot] May 18, 2026
87cce6f
Add CACM (Linux权限维持+后渗透工具) to 提权辅助相关 section in README.md (#65)
Copilot May 23, 2026
ad9d7a3
docs: add Copy-Fail Kubernetes PoC link to CVE-2026-31431 entries (#66)
Copilot May 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion BlueKeep/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
pyopenssl==19.0
pyopenssl==26.0.0
363 changes: 240 additions & 123 deletions README.md
View file
Open in desktop

Large diffs are not rendered by default.

Binary file added books/Asia-26-Bai-Cast-Attack-Ghost-Bits-4.23.pdf
View file
Open in desktop
Binary file not shown.
0 ...dle Fire HD (3rd Generation)内核驱动拒绝服务漏洞.md → ...dle Fire HD (3rd Generation)内核驱动拒绝服务漏洞.md
View file
Open in desktop
File renamed without changes.
0 ...1-14536_锐捷RG-UAC统一上网行为管理审计系统账号密码信息泄露漏洞.md → ...1-14536_锐捷RG-UAC统一上网行为管理审计系统账号密码信息泄露漏洞.md
View file
Open in desktop
File renamed without changes.
0 CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞.md → iot/CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞.md
View file
Open in desktop
File renamed without changes.
0 CVE-2019-16920-D-Link-rce.md → iot/CVE-2019-16920-D-Link-rce.md
View file
Open in desktop
File renamed without changes.
0 CVE-2020-9374.md → iot/CVE-2020-9374.md
View file
Open in desktop
File renamed without changes.
0 WLAN-AP-WEA453e RCE三星路由器远程命令执行漏洞.md → iot/WLAN-AP-WEA453e RCE三星路由器远程命令执行漏洞.md
View file
Open in desktop
File renamed without changes.
0 华为WS331a产品管理页面存在CSRF漏洞.md → iot/华为WS331a产品管理页面存在CSRF漏洞.md
View file
Open in desktop
File renamed without changes.
0 天翼创维awifi路由器存在多处未授权访问漏洞.md → iot/天翼创维awifi路由器存在多处未授权访问漏洞.md
View file
Open in desktop
File renamed without changes.
0 CVE-2019-0708-msf快速搭建.md → pc/CVE-2019-0708-msf快速搭建.md
View file
Open in desktop
File renamed without changes.
0 ...ack Overflow-Linux图形界面X Server本地栈溢出POC.md → ...ack Overflow-Linux图形界面X Server本地栈溢出POC.md
View file
Open in desktop
File renamed without changes.
0 CVE-2020-0796检测与修复.md → pc/CVE-2020-0796检测与修复.md
View file
Open in desktop
File renamed without changes.
0 CVE-2021-1675.md → privesc/CVE-2021-1675.md
View file
Open in desktop
File renamed without changes.
0 CVE-2021-22555.md → privesc/CVE-2021-22555.md
View file
Open in desktop
File renamed without changes.
0 PAM劫持SSH密码.md → privesc/PAM劫持SSH密码.md
View file
Open in desktop
File renamed without changes.
0 adduser添加用户.md → privesc/adduser添加用户.md
View file
Open in desktop
File renamed without changes.
0 使用vbs脚本添加管理员用户.md → privesc/使用vbs脚本添加管理员用户.md
View file
Open in desktop
File renamed without changes.
13 changes: 13 additions & 0 deletions qinglong-auth-bypass2rce/docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
version: '3'
services:
qinglong:
image: whyour/qinglong:2.20.1
container_name: ql-vuln-test
ports:
- '5710:5700'
volumes:
- ql_data:/ql/data
restart: unless-stopped

volumes:
ql_data:
Loading