fix 2022-07-29

lib/goby/goby_pocs/AceNet_AceReporter_Report_component_Arbitrary_file_download.go → lib/goby/goby_pocs/AceNet_AceReporter_Report_component_Arbitrary_file_download.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "AceNet AceReporter Report component Arbitrary file download",
   "Description": "All firewall devices that use the AceNet AceReporter report component can download arbitrary files",
   "Product": "AceNet AceReporter Report component",
@@ -125,12 +118,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
-}
+}

lib/goby/goby_pocs/Longjing_Technology_BEMS_API_1.21_Remote_Arbitrary_File_Download.go → lib/goby/goby_pocs/Longjing_Technology_BEMS_API_1.21_Remote_Arbitrary_File_Download.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Longjing Technology BEMS API 1.21 Remote Arbitrary File Download",
   "Description": "The application suffers from an unauthenticated arbitrary file download vulnerability.  Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files.  This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.",
   "Product": "Battery Energy Management System",
@@ -132,12 +125,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/Many_network_devices_have_arbitrary_file_downloads.go → lib/goby/goby_pocs/Many_network_devices_have_arbitrary_file_downloads.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Many network devices have arbitrary file downloads",
   "Description": "The download.php page contains any file downloads",
   "Product": "Many network devices",
@@ -158,12 +151,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
-}
+}

lib/goby/goby_pocs/NVS3000_integrated_video_surveillance_platform_is_not_accessible.go → lib/goby/goby_pocs/NVS3000_integrated_video_surveillance_platform_is_not_accessible.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "NVS3000 integrated video surveillance platform is not accessible CNVD-2021-19742",
   "Description": "Datang Telecom Technology Co., Ltd. is a provider of information and communication products and integrated solutions.\\nNVS3000 integrated video surveillance platform of Datang Telecom Technology Co., LTD has an unauthorized access vulnerability, which can be used by attackers to obtain sensitive system information.",
   "Product": "NVS3000 integrated video surveillance platform",
@@ -117,12 +110,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/Node_red_UI_base_Arbitrary_File_Read_Vulnerability_CVE_2021_3223.go → lib/goby/goby_pocs/Node_red_UI_base_Arbitrary_File_Read_Vulnerability_CVE_2021_3223.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Node-red UI_base Arbitrary File Read Vulnerability CVE-2021-3223",
   "Description": "Node-red is a tool for building Internet of Things (IoT) applications, with a focus on simplifying the \"wiring\" of blocks of code to perform tasks.\\nNode-red in (/nodes/ui_base.js), the URL matches (/ui_base/js/*) and passes it to (path.join),\\nLack of validation of the final path can lead to a path traversal vulnerability that can be exploited to read sensitive data on the server, such as settings.js",
   "Product": "Node-RED",
@@ -129,12 +122,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/SPON_IP_network_intercom_broadcast_system_exportrecord.php_any_file_download.go → lib/goby/goby_pocs/SPON_IP_network_intercom_broadcast_system_exportrecord.php_any_file_download.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "SPON IP network intercom broadcast system exportrecord.php any file download",
   "Description": "World Bond Communication Co., Ltd. is an audio as the core of the Internet of things solution provider. An arbitrary file reading vulnerability exists in the IP network intercom broadcast system of WorldBond Communication Co., LTD., which can be used by attackers to obtain sensitive information",
   "Product": "SPON IP network intercom broadcast system",
@@ -123,12 +116,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/SPON_IP_network_intercom_broadcast_system_getjson.php_Arbitrary_file_read.go → lib/goby/goby_pocs/SPON_IP_network_intercom_broadcast_system_getjson.php_Arbitrary_file_read.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "SPON IP network intercom broadcast system getjson.php Arbitrary file read",
   "Description": "World Bond Communication Co., Ltd. is an audio as the core of the Internet of things solution provider. An arbitrary file reading vulnerability exists in the IP network intercom broadcast system of WorldBond Communication Co., LTD., which can be used by attackers to obtain sensitive information",
   "Product": "SPON IP network intercom broadcast system",
@@ -131,12 +124,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/SPON_IP_network_intercom_broadcast_system_rj_get_token.php_any_file_read.go → lib/goby/goby_pocs/SPON_IP_network_intercom_broadcast_system_rj_get_token.php_any_file_read.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "SPON IP network intercom broadcast system ping.php any file read",
   "Description": "World Bond Communication Co., Ltd. is an audio as the core of the Internet of things solution provider. An arbitrary file reading vulnerability exists in the IP network intercom broadcast system of WorldBond Communication Co., LTD., which can be used by attackers to obtain sensitive information",
   "Product": "SPON IP network intercom broadcast system",
@@ -98,12 +91,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__ping_RCE.go → lib/goby/goby_pocs/Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__ping_RCE.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Shenzhen West dieter Technology Co LTD CPE-WiFi tracert RCE",
   "Description": "Shenzhen West dieter Technology Co., LTD CPE-WiFi Command execution vulnerability exists, and attackers can use this vulnerability to execute system commands.  ",
   "Product": "CPE-WiFi",
@@ -107,12 +100,4 @@ func init() {
       "CPE-WiFi"
     ]
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__tracert_RCE.go → lib/goby/goby_pocs/Shenzhen_West_dieter_Technology_Co_LTD_CPE_WiFi__tracert_RCE.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Shenzhen West dieter Technology Co LTD CPE-WiFi tracert RCE",
   "Description": "Shenzhen West dieter Technology Co., LTD CPE-WiFi Command execution vulnerability exists, and attackers can use this vulnerability to execute system commands.  ",
   "Product": "CPE-WiFi",
@@ -107,12 +100,4 @@ func init() {
       "CPE-WiFi"
     ]
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/TopSec_Reporter_Arbitrary_file_download_CNVD_2021_41972.go → lib/goby/goby_pocs/TopSec_Reporter_Arbitrary_file_download_CNVD_2021_41972.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "TopSec Reporter Arbitrary file download CNVD-2021-41972",
   "Description": "Tianrongxin Technology Group, founded on August 30, 1985, is a leading provider of network security, big data and secure cloud services in China.\\nRandom file download vulnerability exists in Tianrongxin Technology Group Reporter, which can be used by attackers to obtain sensitive information.",
   "Product": "TOPSEC Reporter",
@@ -125,12 +118,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/Tuchuang_Library_System_Arbitrary_Reading_File_CNVD_2021_34454.go → lib/goby/goby_pocs/Tuchuang_Library_System_Arbitrary_Reading_File_CNVD_2021_34454.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Tuchuang Library System Arbitrary Reading File (CNVD-2021-34454)",
   "Description": "Guangzhou Tuchuang Computer Software Development Co., Ltd. is a high-tech enterprise integrating product development, application integration and customer service. Its main goal is to provide high quality application software system design, integration and maintenance services for users in the library industry\\nUsing the vulnerability, an attacker can read arbitrary files on a Windows or Linux server.Using the file reading vulnerability, the attacker can obtain the system file information, thus causing the sensitive information leakage.",
   "Product": "Tuchuang Library System",
@@ -94,12 +87,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/Weaver_e_cology_OA_XStream_RCE_CVE_2021_21350.go → lib/goby/goby_pocs/Weaver_e_cology_OA_XStream_RCE_CVE_2021_21350.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Weaver e_cology OA XStream Remote Code Execution",
   "Level": "3",
   "Tags": [
@@ -95,12 +88,4 @@ func init() {
     "Hardware": null
   },
   "DisclosureDate": "2021-05-22"
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }

lib/goby/goby_pocs/Webgrind_File_read_cve_2018_12909.go → lib/goby/goby_pocs/Webgrind_File_read_cve_2018_12909.json

@@ -1,11 +1,4 @@
-package exploits
-
-import (
-	"git.gobies.org/goby/goscanner/goutils"
-)
-
-func init() {
-	expJson := `{
+{
   "Name": "Webgrind_File_read_cve-2018-12909",
   "Description": "<p>Webgrind是一套PHP执行时间分析工具。</p><p>Webgrind 1.5版本中存在安全漏洞，该漏洞源于程序依靠用户输入来显示文件。攻击者可借助index.php?op=fileviewer＆file= URI利用该漏洞查看可被Webserver用户访问的本地文件系统上的文件。</p>",
   "Product": "",
@@ -151,12 +144,4 @@ func init() {
     "System": null,
     "Hardware": null
   }
-}`
-
-	ExpManager.AddExploit(NewExploit(
-		goutils.GetFileName(),
-		expJson,
-		nil,
-		nil,
-	))
 }