Vulnerability Environments
Browse our collection of pre-built vulnerability environments for security research and education. Each environment is containerized with Docker and comes with detailed documentation.
Auth Bypass
DataEase Authentication Bypass via Whitelist Path Traversal
Explore the DataEase Authentication Bypass via Whitelist Path Traversal vulnerability and learn how to exploit it.
DataEase JWT Authentication Bypass
Explore the DataEase JWT Authentication Bypass vulnerability and learn how to exploit it.
JetBrains TeamCity Authentication Bypass
Explore the JetBrains TeamCity Authentication Bypass vulnerability and learn how to exploit it.
Budibase Authentication Bypass via Webhook Query Parameter
Explore the Budibase Authentication Bypass via Webhook Query Parameter vulnerability and learn how to exploit it.
CMS
CraftCMS Yii Class Injection Remote Code Execution
Explore the CraftCMS Yii Class Injection Remote Code Execution vulnerability and learn how to exploit it.
CraftCMS ConditionsController Pre-Auth Remote Code Execution
Explore the CraftCMS ConditionsController Pre-Auth Remote Code Execution vulnerability and learn how to exploit it.
CraftCMS register_argc_argv Leads to Remote Code Execution
Explore the CraftCMS register_argc_argv Leads to Remote Code Execution vulnerability and learn how to exploit it.
Joomla 4.2.7 Permission Bypass
Explore the Joomla 4.2.7 Permission Bypass vulnerability and learn how to exploit it.
Database
H2 Database Web Console Authentication Remote Code Execution
Explore the H2 Database Web Console Authentication Remote Code Execution vulnerability and learn how to exploit it.
H2 Database Web Console Pre-Auth JNDI Injection RCE
Explore the H2 Database Web Console Pre-Auth JNDI Injection RCE vulnerability and learn how to exploit it.
H2 Database Web Console Pre-Auth JDBC Attack RCE
Explore the H2 Database Web Console Pre-Auth JDBC Attack RCE vulnerability and learn how to exploit it.
Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse
Explore the Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse vulnerability and learn how to exploit it.
Deserialization
Apache Linkis MySQL JDBC Datasource Deserialization Remote Code Execution
Explore the Apache Linkis MySQL JDBC Datasource Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Tomcat Tribes EncryptInterceptor Bypass Remote Code Execution
Explore the Tomcat Tribes EncryptInterceptor Bypass Remote Code Execution vulnerability and learn how to exploit it.
React Server Components Flight Protocol Deserialization RCE
Explore the React Server Components Flight Protocol Deserialization RCE vulnerability and learn how to exploit it.
Apache Superset Python Pickle Deserialization Leads to RCE
Explore the Apache Superset Python Pickle Deserialization Leads to RCE vulnerability and learn how to exploit it.
Environment Injection
GNU InetUtils telnetd Argument Injection Authentication Bypass
Explore the GNU InetUtils telnetd Argument Injection Authentication Bypass vulnerability and learn how to exploit it.
CGI Application Environment Variable Injection by HTTPoxy
Explore the CGI Application Environment Variable Injection by HTTPoxy vulnerability and learn how to exploit it.
GoAhead Web Server Environment Variables Injection and `LD_PRELOAD` Remote Code Execution
Explore the GoAhead Web Server Environment Variables Injection and `LD_PRELOAD` Remote Code Execution vulnerability and learn how to exploit it.
Expression Injection
n8n Expression Sandbox Escape to RCE
Explore the n8n Expression Sandbox Escape to RCE vulnerability and learn how to exploit it.
GeoServer Unauthenticated Remote Code Execution in Evaluating Property Name Expressions
Explore the GeoServer Unauthenticated Remote Code Execution in Evaluating Property Name Expressions vulnerability and learn how to exploit it.
Atlassian Confluence Pre-Auth Remote Code Execution via OGNL Injection
Explore the Atlassian Confluence Pre-Auth Remote Code Execution via OGNL Injection vulnerability and learn how to exploit it.
File Upload
Apache RocketMQ NameServer Arbitrary File Write
Explore the Apache RocketMQ NameServer Arbitrary File Write vulnerability and learn how to exploit it.
SaltStack Arbitrary File Read and Write
Explore the SaltStack Arbitrary File Read and Write vulnerability and learn how to exploit it.
Drupal Cross-Site Scripting by File Upload
Explore the Drupal Cross-Site Scripting by File Upload vulnerability and learn how to exploit it.
WebLogic Arbitrary File Upload
Explore the WebLogic Arbitrary File Upload vulnerability and learn how to exploit it.
Framework
Spring Framework Path Traversal via Jetty URI Parsing Inconsistency
Explore the Spring Framework Path Traversal via Jetty URI Parsing Inconsistency vulnerability and learn how to exploit it.
Livewire Component Property Hydration Remote Code Execution
Explore the Livewire Component Property Hydration Remote Code Execution vulnerability and learn how to exploit it.
React Server Components Flight Protocol Deserialization RCE
Explore the React Server Components Flight Protocol Deserialization RCE vulnerability and learn how to exploit it.
Next.js Middleware Authorization Bypass
Explore the Next.js Middleware Authorization Bypass vulnerability and learn how to exploit it.
Hard Coding
Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass
Explore the Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass vulnerability and learn how to exploit it.
Apache HugeGraph JWT Token Secret Hardcoding Leads to Authentication Bypass
Explore the Apache HugeGraph JWT Token Secret Hardcoding Leads to Authentication Bypass vulnerability and learn how to exploit it.
InfluxDB Empty JWT Secret Key Authentication Bypass
Explore the InfluxDB Empty JWT Secret Key Authentication Bypass vulnerability and learn how to exploit it.
Apache APISIX Hardcoded API Token Leads to RCE
Explore the Apache APISIX Hardcoded API Token Leads to RCE vulnerability and learn how to exploit it.
Info Disclosure
Spring Framework Path Traversal via Jetty URI Parsing Inconsistency
Explore the Spring Framework Path Traversal via Jetty URI Parsing Inconsistency vulnerability and learn how to exploit it.
OpenClaw Cross-Site WebSocket Hijacking
Explore the OpenClaw Cross-Site WebSocket Hijacking vulnerability and learn how to exploit it.
Apache ActiveMQ Jolokia API Unauthorized Access
Explore the Apache ActiveMQ Jolokia API Unauthorized Access vulnerability and learn how to exploit it.
ownCloud graphapi Information Disclosure
Explore the ownCloud graphapi Information Disclosure vulnerability and learn how to exploit it.
LLM
ComfyUI-Manager CRLF Injection in Configuration Handler
Explore the ComfyUI-Manager CRLF Injection in Configuration Handler vulnerability and learn how to exploit it.
ComfyUI-Manager Remote Code Execution
Explore the ComfyUI-Manager Remote Code Execution vulnerability and learn how to exploit it.
Gradio Arbitrary File Read
Explore the Gradio Arbitrary File Read vulnerability and learn how to exploit it.
Gradio File Path Traversal
Explore the Gradio File Path Traversal vulnerability and learn how to exploit it.
Message Queue
Apache ActiveMQ Jolokia API Unauthorized Access
Explore the Apache ActiveMQ Jolokia API Unauthorized Access vulnerability and learn how to exploit it.
Apache ActiveMQ Jolokia Remote Code Execution
Explore the Apache ActiveMQ Jolokia Remote Code Execution vulnerability and learn how to exploit it.
Apache RocketMQ NameServer Arbitrary File Write
Explore the Apache RocketMQ NameServer Arbitrary File Write vulnerability and learn how to exploit it.
Apache ActiveMQ Jolokia Authenticated Remote Code Execution
Explore the Apache ActiveMQ Jolokia Authenticated Remote Code Execution vulnerability and learn how to exploit it.
Path Traversal
Spring Framework Path Traversal via Jetty URI Parsing Inconsistency
Explore the Spring Framework Path Traversal via Jetty URI Parsing Inconsistency vulnerability and learn how to exploit it.
Vite Development Server WebSocket Arbitrary File Read
Explore the Vite Development Server WebSocket Arbitrary File Read vulnerability and learn how to exploit it.
Vite Development Server Arbitrary File Read via Hash Character Bypass
Explore the Vite Development Server Arbitrary File Read via Hash Character Bypass vulnerability and learn how to exploit it.
n8n Content-Type Confusion Arbitrary File Read to RCE
Explore the n8n Content-Type Confusion Arbitrary File Read to RCE vulnerability and learn how to exploit it.
Privilege Escalation
V2board 1.6.1 Privilege Escalation
Explore the V2board 1.6.1 Privilege Escalation vulnerability and learn how to exploit it.
Polkit pkexec Privilege Escalation
Explore the Polkit pkexec Privilege Escalation vulnerability and learn how to exploit it.
SaltStack Information Disclosure Leads to Privilege Escalation
Explore the SaltStack Information Disclosure Leads to Privilege Escalation vulnerability and learn how to exploit it.
PostgreSQL Privilege Escalation
Explore the PostgreSQL Privilege Escalation vulnerability and learn how to exploit it.
RCE
DataEase H2 JDBC Remote Code Execution
Explore the DataEase H2 JDBC Remote Code Execution vulnerability and learn how to exploit it.
Apache Linkis MySQL JDBC Datasource Deserialization Remote Code Execution
Explore the Apache Linkis MySQL JDBC Datasource Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Tomcat Tribes EncryptInterceptor Bypass Remote Code Execution
Explore the Tomcat Tribes EncryptInterceptor Bypass Remote Code Execution vulnerability and learn how to exploit it.
OpenClaw Cross-Site WebSocket Hijacking
Explore the OpenClaw Cross-Site WebSocket Hijacking vulnerability and learn how to exploit it.
SQL Injection
Grafana SQL Expressions Remote Code Execution
Explore the Grafana SQL Expressions Remote Code Execution vulnerability and learn how to exploit it.
1Panel Control Panel PostAuth SQL Injection
Explore the 1Panel Control Panel PostAuth SQL Injection vulnerability and learn how to exploit it.
Cacti graph_view.php SQL Injection Leads to RCE
Explore the Cacti graph_view.php SQL Injection Leads to RCE vulnerability and learn how to exploit it.
ShowDoc 3.2.5 SQL Injection
Explore the ShowDoc 3.2.5 SQL Injection vulnerability and learn how to exploit it.
SSRF
Apache CXF Aegis DataBinding Server-Side Request Forgery
Explore the Apache CXF Aegis DataBinding Server-Side Request Forgery vulnerability and learn how to exploit it.
GeoServer Unauthenticated Server-Side Request Forgery
Explore the GeoServer Unauthenticated Server-Side Request Forgery vulnerability and learn how to exploit it.
Apache OFBiz SSRF and Remote Code Execution
Explore the Apache OFBiz SSRF and Remote Code Execution vulnerability and learn how to exploit it.
Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse
Explore the Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse vulnerability and learn how to exploit it.
SSTI
JeecgBoot JimuReport FreeMarker Server Side Template Injection RCE
Explore the JeecgBoot JimuReport FreeMarker Server Side Template Injection RCE vulnerability and learn how to exploit it.
Atlassian Jira Template Injection
Explore the Atlassian Jira Template Injection vulnerability and learn how to exploit it.
Flask (Jinja2) Server-Side Template Injection
Explore the Flask (Jinja2) Server-Side Template Injection vulnerability and learn how to exploit it.
Webserver
Tomcat Tribes EncryptInterceptor Bypass Remote Code Execution
Explore the Tomcat Tribes EncryptInterceptor Bypass Remote Code Execution vulnerability and learn how to exploit it.
Kubernetes Ingress-NGINX Unauthenticated Remote Code Execution
Explore the Kubernetes Ingress-NGINX Unauthenticated Remote Code Execution vulnerability and learn how to exploit it.
Tomcat Session Deserialization Remote Code Execution
Explore the Tomcat Session Deserialization Remote Code Execution vulnerability and learn how to exploit it.
GlassFish 4.1.0 Arbitrary File Read
Explore the GlassFish 4.1.0 Arbitrary File Read vulnerability and learn how to exploit it.
XSS
Drupal Cross-Site Scripting by File Upload
Explore the Drupal Cross-Site Scripting by File Upload vulnerability and learn how to exploit it.
Django 500 Debug Page Cross-Site Scripting (XSS)
Explore the Django 500 Debug Page Cross-Site Scripting (XSS) vulnerability and learn how to exploit it.