对乌云漏洞库的分析

字数

2735 字

阅读时间

16 分钟

漏洞都是相似的，但挖洞姿势却各有各的不同。

最近收集了很多src的资产域名，正在琢磨怎么用自动化扫描器来扫描，于是有了这个想法。乌云漏洞库有很多样本案例，网络上好像还没有人公开整理过乌云漏洞库中的payload，所以来分析一下吸取乌云前辈们的经验吧。

过程

过程很容易，爬取了乌云镜像库，并将所有出现过的漏洞链接存储起来。但网页中展示的格式都不太一致，在通过手工测试三四十个样本后，才终于将提取规则完善。

存储格式类似

最后保存的json格式大概有30M大小。

结论

出现漏洞的端口Top100

端口号	出现次数
8080	6710
80	2458
81	1345
8081	925
7001	885
8000	882
8088	740
8888	735
9090	578
8090	477
88	446
8001	406
82	401
9080	350
8082	301
8089	265
9000	225
8443	206
9999	185
8002	162
89	160
8083	142
8200	141
8008	135
90	135
8086	129
801	127
8011	120
8085	120
9001	118
9200	117
8100	111
8012	108
85	105
8084	102
8070	101
7002	99
8091	94
8003	92
99	91
7777	84
8010	78
443	73
8028	72
8087	71
83	70
7003	70
10000	68
808	64
38888	64
8181	64
800	63
18080	63
8099	62
8899	62
86	62
8360	58
8300	57
8800	52
8180	52
3505	49
7000	49
9002	47
8053	43
1000	42
7080	40
8989	38
28017	38
9060	36
888	34
3000	34
8006	34
41516	34
880	34
8484	34
6677	33
8016	32
84	32
7200	31
9085	30
5555	30
8280	29
7005	29
1980	29
8161	28
9091	27
7890	27
8060	27
6080	27
8880	26
8020	26
7070	26
889	26
8881	24
9081	24
8009	24
7007	24
8004	23
38501	23
1010	23

最后得到的端口数量在1104，说明在端口扫描时，只需要扫描这一千端口就行，很大节省了效率。

对路径的统计

ASP Top100

路径	出现次数
/news_show.asp	233
/about.asp	205
/news.asp	201
/login.asp	173
/index.asp	167
/admin/login.asp	141
/list.asp	130
/show.asp	112
/shownews.asp	88
/search.asp	85
/News_show.asp	85
/product.asp	83
/news_list.asp	70
/article.asp	67
/view.asp	59
/default_standard.asp	59
/info.asp	58
/news_more.asp	57
/newshow.asp	54
/news_detail.asp	48
/news_view.asp	47
/admin/index.asp	46
/products.asp	46
/nzcms_list_news.asp	46
/read.asp	44
/index1.asp	44
/detail.asp	43
/contact.asp	42
/tt/inc/login.asp	41
/default.asp	41
/readnews.asp	40
/mucc/about.asp	39
/doc/page/main.asp	38
/About.asp	37
/onews.asp	37
/cp.asp	37
/News.asp	36
/content.asp	36
/doc/page/login.asp	36
/productshow.asp	35
/view_n.asp	34
/new.asp	33
/pic.asp	33
/newsDetail.asp	33
/job.asp	33
/_JBRCMS/Manager/jbr_UploadConfig.asp	33
/newsinfo.asp	32
/newsbrow.asp	30
/newsview.asp	29
/admin/admin_login.asp	29
/class.asp	28
/ProductShow.asp	28
/productview.asp	28
/Article_Print.asp	27
/newsshow.asp	27
/LstInfo.asp	27
/page.asp	25
/jiannya/default.asp	25
/CompHonorBig.asp	24
/adminqibo5/Edit/editor/resurm_upfile.asp	24
/feedback.asp	23
/viewnews.asp	22
/manage/login.asp	22
/ShowNews.asp	22
/more.asp	22
/hn_type.asp	22
/1.asp	21
/service.asp	20
/admin/Login.asp	20
/readpro.asp	20
/sbweb/nameedit.asp	20
/Body.asp	20
/opensoft.asp	20
/main.asp	19
/showcareer.asp	19
/company.asp	19
/Pro_shcn.asp	19
/jjweb/nameedit.asp	19
/cpinfo.asp	19
/Htmledit/admin/login.asp	19
//liuyan.asp	19
/showfwly.asp	19
/MoralsView.asp	18
/user/reg.asp	18
/product_show.asp	18
/fuwu_list.asp	18
/lesiure/up.asp	18
/shell.asp	17
/admin.asp	17
/admin/admin.asp	17
/showservices.asp	17
/manage/html/ewebeditor/admin_login.asp	17
/Newsview.asp	17
/admin/Admin_Login.asp	16
/down.asp	16
/info_Print.asp	16
/person/mailbox.asp	16
/jieshao.asp	16
/type.asp	16
/product_cate.asp	16

ASPX Top100

路径	出现次数
/Default.aspx	349
/login.aspx	341
/UIFrameWork/login.aspx	307
/Login.aspx	288
/Detail.aspx	209
/admin/login.aspx	157
/index.aspx	127
/default.aspx	124
/OT.OA.WEB/UIFrameWork/login.aspx	76
/search.aspx	58
/userlogin.aspx	57
/list.aspx	54
/Admin/login.aspx	48
/custom/GroupNewsList.aspx	45
//SubCategory.aspx	42
/manage/login.aspx	38
/aspx/gqxx.aspx	38
/newsView.aspx	38
/news.aspx	37
/Search.aspx	34
/admin/index.aspx	31
/Web/Login/PSCP01001.aspx	30
/city_index.aspx	30
/main.aspx	29
/newslist.aspx	29
/admin/Login.aspx	28
/show.aspx	28
/Admin/Index.aspx	27
/SubCategory.aspx	26
/G2S/AdminSpace/QE/AddCustomForm.aspx	26
/NewsList.aspx	25
/Index.aspx	24
/about.aspx	23
/gmis/leftmenu.aspx	23
/Permission/Application_Query_List.aspx	22
/test.aspx	22
/site/ajax/WebSiteAjax.aspx	22
/select_e.aspx	22
/ExhibitionCenter.aspx	22
/system/stu_user_regist.aspx	21
/News.aspx	21
/workplate/xzsp/gxxt/tjfx/spsl.aspx	21
/manager/member/admin_add.aspx	20
/workplate/xzsp/tjfx/grbjtj/list.aspx	20
/zfmllist.aspx	20
/workplate/base/person/listbyorgsel.aspx	20
/NewsDetail.aspx	19
/Supplylist.aspx	19
/Product/ProductList.aspx	19
/Web/Login.aspx	18
/articleview.aspx	18
/model/TwoGradePage/equipmentlist.aspx	18
/json_db/other_report.aspx	18
/json_db/flight_return.aspx	18
//bos/desktop/RequestOrResponse.aspx	18
/Broadcast/Broadcast.aspx	18
/json_db/meb_list.aspx	18
/searchbargain.aspx	18
/json_db/air_company.aspx	18
/RiskInfo.aspx	18
/owa/auth/logon.aspx	17
/WebDefault3.aspx	17
/article.aspx	17
/G2S//AdminSpace/PublicClass/AddCourseWare.aspx	17
/news_view.aspx	16
/info.aspx	16
/CommonPage.aspx	16
/DownLoadPage.aspx	16
/fckeditor/editor/filemanager/connectors/aspx/connector.aspx	16
/support/minisite/thinkpad/htmls/advancedsearch.aspx	16
/emlib4/format/release/aspx/eml_homepage.aspx	16
/Gmis/Byyxwgl/xls_lwdbxxedit.aspx	16
/CMSUploadFile.aspx	16
/Main.aspx	15
/OrderDetail.aspx	15
/webSchool/list.aspx	15
/Magazine/NewMagazine.aspx	15
/k4/list.aspx	15
/k1/preview.aspx	15
/MoreIndex.aspx	15
/sysadmin/Login.aspx	15
/persondh/urgent.aspx	15
/OnlineQuery/QueryList.aspx	15
/Broadcast/displayNewsPic.aspx	15
/Web/News.aspx	15
/ModifyPassWord.aspx	15
/ftb.imagegallery.aspx	14
/TableDataManage/BaseInforQueryContent.aspx	14
/presellbuild.aspx	14
/tabid/2159/Default.aspx	14
/cart.aspx	14
/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx	14
/admin/course/uploaddemo.aspx	14
/searchLines.aspx	14
/help/pendantShow.aspx	14
/BsGuide.aspx	13
/NewsView.aspx	13
/Admin/fileManage.aspx	13
/ShowNews.aspx	13
/Web_Site/Search.aspx	13

Jsp Top100

路径	出现次数
/login.jsp	317
/index.jsp	176
/kingdee/login/loginpage.jsp	160
/get_pwd.jsp	126
/zecmd/zecmd.jsp	109
/console/login/LoginForm.jsp	103
/login/Login.jsp	88
/customer.jsp	87
/is/index.jsp	81
/uddiexplorer/SearchPublicRegistries.jsp	79
/yyoa/common/js/menu/test.jsp	74
/jcms/interface/user/out_userinfo.jsp	59
/seeyon/index.jsp	53
/download.jsp	53
/yyoa/checkWaitdo.jsp	50
/admin/login.jsp	49
/list.jsp	46
/defaultroot/login.jsp	45
/upload5warn/shell.jsp	45
/search.jsp	43
/myname/wooyun.jsp	40
/web/epublic/upload.jsp	39
/yyoa/indexPass.jsp	39
/yyoa/common/selectPersonNew/initData.jsp	37
/bak.jsp	35
/yyoa/index.jsp	35
/postAjax.jsp	35
/cK/foot.jsp	34
/tools/SWFUpload/upload.jsp	32
/nei.jsp	32
/1.jsp	31
/wooyun.jsp	31
/is/cmd.jsp	30
/download/download.jsp	29
/cmd.jsp	29
/webschool/News/news_list.jsp	28
/chopper/chopper.jsp	27
/business/notifyView.jsp	27
/sofpro/gecs/consulmanage/wsts/bbs_title_list1.jsp	27
/live800/downlog.jsp	26
/Silic.jsp	26
/edoas2/oa.jsp	26
/wooyun/wooyun.jsp	25
/jmxroot/jmxroot.jsp	25
/manage/content/docmanage/download.jsp	25
/ConInfoParticular.jsp	24
/uddiexplorer/out.jsp	23
/1/sx/login.jsp	23
/templates/index/hrlogon.jsp	23
/comm_front/tzzx/uploadImageFile_do.jsp	23
/yyoa/ext/https/getSessionList.jsp	22
/admin/index.jsp	22
/shell.jsp	22
/admin/upload.jsp	22
/detail.jsp	22
/1/sjleader/login.jsp	22
/admin/select.jsp	22
/admin/fxx.jsp	22
/jbossass/jbossass.jsp	21
/yyoa/HJ/iSignatureHtmlServer.jsp	21
/eol/homepage/common/index.jsp	21
/a/pwn.jsp	21
/web/common/getfile.jsp	21
/upload.jsp	20
/test.jsp	20
/homepage/LoginHomepage.jsp	20
/page/maint/common/UserResourceUpload.jsp	20
/zpsys/index.jsp	20
/vc/vc/para/opr_initvc.jsp	20
/pages/manager/managerAddNManager.jsp	20
/hdcy/zxzx_show.jsp	20
/yyoa/assess/js/initDataAssess.jsp	19
/upload5warn/wooyun.jsp	19
/cms/weblawcase/impList.jsp	19
/nicknamelogin.jsp	19
/ca/ma3.jsp	19
/gkznInfo.jsp	19
/myname/index.jsp	18
/df/index.jsp	18
/guige.jsp	18
/coremail/index.jsp	18
/syfile/swfUpload.jsp	18
/admin/protected/index.jsp	17
/2/sjtj/login.jsp	17
/news.jsp	17
/site/law_artile.jsp	17
/zwdtSjgl/Directory/lastDirList_iframe.jsp	17
/content/topicdeal.jsp	17
/webschool/Book/news_list.jsp	17
//web/careerapply/HrmCareerApplyPerView.jsp	16
/cms/web/downloadFiles.jsp	16
/TSPB/web/xzzx/xzzx.jsp	16
/prosec.jsp	16
/adminroot/common/downLoadFile.jsp	16
/uddiexplorer/SetupUDDIExplorer.jsp	15
/kingdee/login/loginpage2.jsp	15
/wui/theme/ecology7/page/login.jsp	15
/f1print/F1PrintKernelJ1.jsp	15
/login/login.jsp	15
/eln3_asp/public/cscec8b/bulletin.jsp	15

PHP Top100

路径	出现次数
/index.php	2456
/admin.php	278
/login.php	243
/forum.php	240
/share/share.php	227
/news.php	208
/info.php	191
/phpinfo.php	181
/plus/search.php	173
/test.php	162
/admin/login.php	162
/src/system/login.php	146
/article.php	140
/plus/recommend.php	138
/search.php	136
/list.php	132
/api.php	117
/admin/index.php	117
/CmxDownload.php	113
/about.php	109
/news_show.php	98
/download.php	97
/home.php	81
/login/login.php	80
/user.php	79
/show.php	76
/page.php	71
/product.php	68
/wp-login.php	67
/main.php	67
/detail.php	65
/news_detail.php	64
/faq.php	64
/default.php	60
/content.php	59
//plus/recommend.php	58
/news_display.php	57
/up/UploadTemp/eval.php	57
/down.php	55
/www/index.php	55
/user/storage_explore.php	54
/abouts.php	53
/uc_server/admin.php	50
/rss.php	49
/wescms/index.php	49
/1.php	45
/news_info.php	43
/products_display.php	42
/newsdetail.php	41
/phpmyadmin/index.php	39
/class.php	39
/more.php	38
//index.php	38
/userlist.php	37
/plugin.php	36
/*.php	36
/products.php	35
/pics_list.php	34
/plus/mytag_js.php	34
/news_list.php	34
/newsinfo.php	34
/smenu.php	33
/include/web_content.php	31
/batch.common.php	31
/space.php	30
/modules.php	30
/view.php	30
/read.php	30
/job.php	30
/do.php	29
/link.php	29
/displaynews.php	29
/viewthread.php	28
/m.php	28
/web/index.php	28
/member/index.php	28
/ajax.php	27
/impl/rpc_company_info_minkh.php	27
//plus/search.php	27
/thi.php	27
/i.php	26
/member.php	25
/webmail/login.php	25
/admincp.php	25
/download_list.php	25
/cmxlogin.php	25
/auto_reg.php	25
/register.php	24
/news/class/index.php	24
/prog/index.php	24
/thi_details.php	23
/topic.php	23
/shopadmin/index.php	23
/cp.php	23
/phpsso_server/index.php	23
/common/web_meeting/index.php	23
/cn/products.php	23
/Customize/Audit/MessageMonitor/groupSearch.php	23
/new/client.php	23
/notice.php	22

Action Top100

路径	出现次数
/root/chat.action	429
/login.action	291
/index.action	227
/homeLogin.action	46
/portal/login_init.action	46
/stardy/Login.action	40
/login_login.action	24
/license!getExpireDateOfDays.action	23
/indexAction.action	23
/index/downLoadFile.action	22
/common/common_info.action	21
/pages/xxfb/editor/uploadAction.action	21
/accountlossList.action	21
/ggxxfb.action	21
/ivhs/ajax_updateUserInfo.action	20
/download.action	19
/Login.action	19
/syfile/imageCompress.action	18
/managerOneGgxxfb.action	18
/user/login.action	17
/loginAction!login.action	16
/index!index.action	15
/login/login.action	15
/managerNManager.action	15
/home.action	14
/indexmanagerLogin.action	14
/ahsffyww/Default3.action	14
/DRP/login.action	12
/spam/system/index.action	12
/user/gotoLoginPage.action	12
/ecp/announcement/announcement_view2.action	12
/managerAddNManager.action	12
/managerEditNManager.action	12
/main.action	11
/system/login_login.action	11
/login!login.action	10
/loginAction.action	10
/login/index.action	10
/logout.action	10
/register.action	10
/security/loginInit.action	10
/bgxz/bgxzAction_executeBack.action	10
/nFixcardAllList.action	10
/beian/login_login.action	10
//opac_two/mylibrary/comment/queryAllComment.action	10
/module/newzwgk/getmainById.action	10
/index/index.action	9
/shop/member!passwordRecover.action	9
/mail/login.action	9
/admin/login.action	9
/htweixin/InsuranceDownload.action	9
//admin/user_logon.action	9
/BSBM/loginedLogin.action	9
/robot/check-login.action	8
/website/dflz/dflzSiteAction!sjList.action	8
/module/newzwgk/viewquan.action	8
/hbwz/wcms/searchAll.action	8
/ahsffyww/Default2.action	8
/wfvideo/login.action	8
/website-rank/addVoteRecord.action	8
/module/newzwgk/viewZwxxQianMore.action	8
/superadmin/index.action	7
/mall/ui/giftIndex.action	7
/userlogin.action	7
/cms/admin/login.action	7
/szxy/logon.action	7
/virtual/shouye.action	7
/feedback/buyIntention!saveBuyIntentionInfo.action	7
/superadmin/adminLogin.action	7
/Index.action	7
/security/login.action	7
/MemberToLoginIgnore.action	7
/rdms/satisfyaid/actions/cstContactAction!register.action	7
/regmail/download.action	7
/IndexAction.action	6
/publish/query/indexFirst.action	6
/manage/login.action	6
/home/index.action	6
/eeoaftp/downloadFile.action	6
/eis/index.action	6
/gzwl/visit/renewBusinessOrder/renewBusinessOrderDetail.action	6
/css/myquery/queryWQSBill.action	6
/LoginAction.action	6
/detail.action	6
/index/index!list.action	6
/auth/login.action	6
/server/spreq/attachment!download.action	6
/lmsv5/user!editUserInfo.action	6
/5clib/bookWeb.action	6
/otomc/user/loginUI.action	6
/im-client/imclient/selfHelp.action	6
/ahsffyww/ZXDefault2.action	6
/user!login.action	6
/Dzsw/Shky/hwky.wai/index.action	6
/aic/webnz/welcome-web-home!welcome.action	6
/ess/Homepage.action	6
/skypearl/cn/toPrintCard.action	6
/spdt/spdt_listSp.action	6
/xxsearch.action	6
/web/Info!list.action	6

目录Top100

路径	出现次数
/admin	2639
/user	848
/.svn	825
/.git	670
/login	615
/plus	550
/news	533
/web	517
/upload	495
/manager	469
/xxgk/services	465
/root	437
/manage	411
/ftp/com1/html	409
/cgi-bin	406
/servlet	348
/content	333
/api	331
/share	329
/member	315
/UIFrameWork	309
/cn	277
/bbs	275
/jmx-console	273
/index	245
/invoker	244
/s	231
/phpmyadmin	222
/search	220
/Admin	211
/papers	208
/yyoa	207
/common	206
/system	202
/opac	196
/account	196
/uddiexplorer	195
/ajax	190
/cms	188
/2001	187
/kingdee/login	178
/Gmis/xw	173
/1999	168
/include	164
/portal	161
/back/ticket	161
/oa	159
/Gmis/Byyxwgl	158
/home	156
/data	155
/src/system	148
/WEB-INF	141
/main	140
/Chinese	134
/order	132
/gov/services	132
/wap	131
/console	130
/app	130
/is	129
/Web	127
/resin-doc/resource/tutorial/jndi-appconfig	126
/seeyon	124
/config	123
/images	121
/download	120
/view	118
/public	117
/product	117
/model/TwoGradePage	117
/knowledge/ClassShow	115
/en	114
/zecmd	114
/m	114
/soap/envelope	112
/about	111
/install	110
/tushu	107
/ckq	107
/poweb	106
/tips	105
/resin-doc/viewfile	104
/www	104
/console/login	103
/html	103
/bbs/topic	103
/data/admin	103
/wscgs	102
/sys	102
/test	99
/list	99
/v_show	98
/p	97
/fckeditor/editor/filemanager/browser/default	97
/User	96
/uc_server	96
//plus	96
/site	95
/detail	95
/index.php	94

参数分析

因为无法通过自动化程序把存在漏洞的参数提取出来，所以只是暴力的把所有url的参数都提取了出来，所以这些top参数不一定有代表性，但作为字典应该是不错的。

get参数Top100

参数	出现次数
id	6845
action	1643
type	1503
m	1013
a	992
c	855
act	829
page	813
uid	616
url	585
method	545
cid	545
ID	528
mod	521
aid	490
keyword	474
key	449
t	449
q	444
callback	427
sid	426
s	421
name	407
tid	399
pid	392
code	354
r	316
p	307
file	301
Type	294
do	294
redirect	292
username	291
_	278
op	259
filename	252
path	251
from	230
classid	227
f	222
fid	221
app	213
cmd	213
typeid	203
_FILES	201
ac	194
title	192
fileName	191
userid	190
v	189
flag	176
catid	170
Connector	166
bid	158
order	150
wd	150
mid	150
lang	145
nid	143
city	142
CurrentFolder	139
newsid	138
Command	137
password	131
d	128
source	127
sort	126
user	125
token	122
module	120
class	118
userId	115
dir	113
ie	111
Id	108
pwd	107
num	106
email	103
appid	102
u	102
mobile	102
i	102
keywords	100
version	100
status	99
gid	99
typeArr	96
g	96
service	95
o	95
ArticleID	94
query	94
filePath	94
orderId	94
redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D	93
category	92
word	92
user_id	92
k	91
channel	90

post参数Top100

参数	出现次数
password	457
__VIEWSTATE	430
__EVENTVALIDATION	315
username	313
__EVENTTARGET	210
__EVENTARGUMENT	210
type	145
name	113
id	111
Submit	109
__VIEWSTATEGENERATOR	103
action	98
email	97
mobile	87
page	86
submit	85
pwd	67
uid	66
act	64
phone	59
code	54
userName	54
keyword	52
__LASTFOCUS	50
city	50
<a href	47
userid	47
content	43
account	42
y	42
address	41
x	41
UserName	40
title	39
button	39
token	38
Password	37
Button1	37
passwd	37
province	36
tel	36
sex	35
pageSize	33
txtPassword	29
userId	29
version	29
txtUserName	29
url	28
sort	28
key	27
ImageButton1.y	27
ImageButton1.x	27
user	27
pageNo	25
method	25
status	24
login	22
sid	22
channel	22
qq	21
flag	21
TextBox1	20
btnSearch	20
pass	20
user_id	20
domain	20
rows	20
?>	19
from	19
sign	19
uname	19
order	19
txtPwd	19
pid	18
btnLogin	18
pageIndex	18
search	18
keywords	18
loginName	18
lang	17
user_name	17
timestamp	17
imei	17
PassWord	17
captcha	16
number	16
language	16
B1	16
appid	16
area	15
hash	15
}	15
(b)((‘\43context[\’xwork.MethodAccessor.denyMethodExecution\’]\75false’)(b))	14
(‘\43c’)((‘\43_memberAccess.excludeProperties<a href	14
imageField.y	14
imageField.x	14
limit	14
loginname	14
txtName	14
cmd	14

Cookie参数Top100

参数	出现次数
__utma	226
__utmz	221
__utmc	169
__utmb	142
HMACCOUNT	126
bdshare_firstime	100
pgv_pvi	99
_ga	91
BAIDUID	80
__utmt	71
pgv_si	69
AJSTAT_ok_times	56
ci_session	55
_gat	49
uid	37
CheckCode	33
safedog-flow-item	33
SERVERID	31
lzstat_uv	27
username	23
IESESSION	23
vjuids	23
ECS_ID	22
ECS[display]	21
ECS[history]	21
AJSTAT_ok_pages	21
ECS[visit_times]	18
pgv_pvid	18
SUV	18
vjlast	18
city	17
iweb_hisgoods[15]	16
IPLOC	15
cck_count	15
cck_lasttime	15
lvsessionid	14
LXB_REFER	14
iweb_hisgoods[26]	13
cookie	13
CoreID6	13
NTKF_T2D_CLIENTID	13
userName	12
loginName	12
BAIDU_DUP_lcr	12
td_cookie	12
ECSCP_ID	12
_jzqx	12
userid	12
hd_sid	11
real_ipd	11
password	11
route	11
vary	11
nTalk_CACHE_DATA	11
token	11
WT_FPC	10
ADMINCONSOLESESSION	10
pgv_info	10
nickname	10
guid	10
jiathis_rdc	10
HMVT	10
tma	10
tmd	10
s	10
S[CART_TOTAL_PRICE]	10
S[CART_COUNT]	10
S[CART_NUMBER]	10
sessionid	10
_jzqa	10
looyu_id	10
dyh_lastactivity	9
SESSIONID	9
s_cc	9
s_sq	9
.ASPXAUTH	9
DedeUserID	9
DedeUserID__ckMd5	9
sid	9
user	9
clientlanguage	9
_jzqc	9
lang	9
wordpress_test_cookie	8
__qc_wId	8
language	8
hasshown	8
cityid	8
myie	8
s_nr	8
__RequestVerificationToken	8
…	8
DedeUsername	8
DedeUsername__ckMd5	8
loginState	8
ip_ck	8
vn	8
lv	8
pageReferrInSession	8
__cfduid	8

历史漏洞参数API

上面的top记录说实话我也看不出什么来，在整理了相关字典后，又有了这样一个想法。之前国外有大神通过深度学习了大量开源软件的源码及结构后做出来一款辅助编程的程序，当你输入代码前半段的时候会自动猜测意图并匹配出代码后半段，效果还不错。

所以，通过分析了这些样本后，我也能做出一个API，只需要一段url或从burpsuite中截取的请求包，api会分析域名，返回该域名的历史漏洞以及漏洞类型，通过分析参数(get,post,cookie),从历史漏洞库中匹配出该参数的历史漏洞以及漏洞类型。

如果把这个api集成到一些扫描器或burpsuite中，也不失为一个好的辅助手段～

2019.12.22 更新

将Burpsuite插件完成了：https://github.com/boy-hack/wooyun-payload

对乌云漏洞库的分析 ​

过程 ​

结论 ​

出现漏洞的端口Top100 ​

对路径的统计 ​

ASP Top100 ​

ASPX Top100 ​

Jsp Top100 ​

PHP Top100 ​

Action Top100 ​

目录Top100 ​

参数分析 ​

get参数Top100 ​

post参数Top100 ​

Cookie参数Top100 ​

历史漏洞参数API ​

2019.12.22 更新 ​