Overview

This section covers POCs for various other systems including VMware vCenter, Atlassian Confluence, GitLab, F5 BIG-IP, ThinkPHP, Fortinet, Microsoft products, and more.

VMware

vCenter RCE vulnerabilities

Confluence

OGNL injection RCE

GitLab

ExifTool RCE

F5 BIG-IP

TMUI & iControl RCE

ThinkPHP

PHP framework RCE

Microsoft

Exchange & SMB vulns

Fastjson

Java JSON RCE

JBoss

Deserialization RCE

PHPUnit

PHP testing RCE

VMware vCenter

CVE-2021-21985 - vCenter RCE

Type: Remote Code Execution
Affected Product: VMware vCenter Server
Discovery Date: May 2021
CVSS Score: 9.8 (Critical)
Description: RCE vulnerability in the vSphere Client (HTML5) via the Virtual SAN Health Check plugin. Allows unauthenticated attackers to execute arbitrary commands.
Source: pocs_go/VMware/vCenter/CVE_2021_21985.go

CVE-2022-22954 - VMware Workspace ONE RCE

Type: Remote Code Execution (SSTI)
Affected Product: VMware Workspace ONE Access, Identity Manager
Discovery Date: April 2022
CVSS Score: 9.8 (Critical)
Description: Server-side template injection (SSTI) vulnerability allowing unauthenticated RCE.
Attack Vector: Template injection in authentication workflow
Source: pocs_go/VMware/vCenter/CVE-2022-22954.go

CVE-2022-22972 - Authentication Bypass

Type: Authentication Bypass
Affected Product: VMware Workspace ONE Access, Identity Manager
Discovery Date: May 2022
CVSS Score: 9.8 (Critical)
Description: Authentication bypass leading to privilege escalation and potential RCE.
Source: pocs_go/VMware/vCenter/CVE_2022_22972.go

Atlassian Confluence

CVE-2021-26084 - OGNL Injection RCE

Type: Remote Code Execution (OGNL Injection)
Affected Product: Atlassian Confluence Server/Data Center
Discovery Date: August 2021
CVSS Score: 9.8 (Critical)
Description: OGNL (Object-Graph Navigation Language) injection vulnerability in Confluence Server and Data Center that allows unauthenticated attackers to execute arbitrary code.
Attack Vector: Malicious OGNL expressions in HTTP requests
Source: pocs_go/confluence/CVE_2021_26084.go

CVE-2021-26085

Type: Confluence Vulnerability
Affected Product: Atlassian Confluence
Discovery Date: August 2021
Source: pocs_go/confluence/CVE-2021-26085.go

CVE-2022-26134 - OGNL Injection RCE

Type: Remote Code Execution
Affected Product: Atlassian Confluence Server/Data Center
Discovery Date: June 2022
CVSS Score: 9.8 (Critical)
Description: Unauthenticated OGNL injection leading to RCE. Actively exploited in the wild.
Source: pocs_go/confluence/CVE_2022_26134.go

CVE-2022-26318

Type: Confluence Vulnerability
Affected Product: Atlassian Confluence
Discovery Date: 2022
Source: pocs_go/confluence/CVE_2022_26318.go

GitLab

CVE-2021-22205 - ExifTool RCE

Type: Remote Code Execution
Affected Product: GitLab CE/EE
Discovery Date: April 2021
CVSS Score: 10.0 (Critical)
Description: RCE via ExifTool when processing image files. The vulnerability exists in GitLab's image upload functionality.
Attack Vector: Malicious image file with crafted metadata
Exploitation:
  1. Upload crafted image file
  2. ExifTool processes metadata
  3. Arbitrary command execution
Source: pocs_go/gitlab/CVE_2021_22205.go

CVE-2022-2185

Type: GitLab Vulnerability
Affected Product: GitLab
Discovery Date: June 2022
Source: pocs_go/gitlab/CVE-2022-2185.go

F5 BIG-IP

CVE-2020-5902 - TMUI RCE

Type: Remote Code Execution
Affected Product: F5 BIG-IP
Discovery Date: July 2020
CVSS Score: 9.8 (Critical)
Description: Directory traversal and RCE in Traffic Management User Interface (TMUI). Allows unauthenticated attackers to execute arbitrary commands.
Vulnerable Component: TMUI (web management interface)
Attack Vector: Directory traversal → file read/write → RCE
Source: pocs_go/f5/CVE_2020_5902.go

CVE-2021-22986 - iControl REST RCE

Type: Remote Code Execution
Affected Product: F5 BIG-IP iControl REST
Discovery Date: March 2021
CVSS Score: 9.8 (Critical)
Description: Unauthenticated RCE via iControl REST API.
Source: pocs_go/f5/CVE_2021_22986.go

CVE-2022-1388 - Authentication Bypass RCE

Type: Authentication Bypass → RCE
Affected Product: F5 BIG-IP
Discovery Date: May 2022
CVSS Score: 9.8 (Critical)
Description: Missing authentication check in iControl REST allows unauthenticated RCE.
Exploitation: Manipulate HTTP headers to bypass authentication
Source: pocs_go/f5/CVE_2022_1388.go

ThinkPHP

CVE-2019-9082

Type: Remote Code Execution
Affected Versions: < 3.2.4
Discovery Date: February 2019
Description: RCE vulnerability in ThinkPHP framework versions before 3.2.4.
Source: pocs_go/ThinkPHP/check.go

CVE-2018-20062

Type: Remote Code Execution
Affected Versions: 5.0.23 and earlier, 5.1.31 and earlier
Discovery Date: December 2018
CVSS Score: 9.8 (Critical)
Description: RCE via Request class in ThinkPHP 5.x.
Source: pocs_go/ThinkPHP/check.go

Fastjson

VER-1262 - Autotype RCE

Type: Remote Code Execution
Affected Versions: ≤ 1.2.62
Issue: Autotype Deserialization
Description: Fastjson autotype feature allows deserialization of arbitrary Java objects, leading to RCE.
Attack Vector: Malicious JSON payload with @type directive
Example Payload:
{
  "@type": "java.net.Inet4Address",
  "val": "dnslog.cn"
}
Source: pocs_go/fastjson/check.go

JBoss

CVE-2017-12149 - Deserialization RCE

Type: Deserialization RCE
Affected Versions: JBoss AS 5.x/6.x
Discovery Date: August 2017
CVSS Score: 8.1 (High)
Description: Java deserialization vulnerability in JBoss Application Server.
Component: ReadOnlyAccessFilter
Source: pocs_go/jboss/CVE_2017_12149.go

PHPUnit

CVE-2017-9841 - RCE

Type: Remote Code Execution
Affected Versions: 4.x < 4.8.28, 5.x < 5.6.3
Discovery Date: June 2017
CVSS Score: 9.8 (Critical)
Description: PHPUnit's eval-stdin.php allows arbitrary PHP code execution when left in production.
Vulnerable File: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Exploitation:
curl -X POST http://target/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php \
  --data '<?php system("id"); ?>'
Source: pocs_go/phpunit/CVE_2017_9841.go

Microsoft Products

CVE-2020-0796 - SMBGhost

Type: Remote Code Execution
Affected Product: Windows 10, Windows Server 2019
Discovery Date: March 2020
CVSS Score: 10.0 (Critical)
Description: Wormable RCE in SMBv3 protocol. Buffer overflow in compression handling.
Port: 445 (SMB)
Source: pocs_go/ms/CVE-2020-0796.go

CVE-2021-26855 - ProxyLogon

Type: SSRF → Authentication Bypass → RCE
Affected Product: Microsoft Exchange Server
Discovery Date: March 2021
CVSS Score: 9.8 (Critical)
Description: Part of ProxyLogon chain. SSRF allows bypassing authentication and accessing arbitrary backend resources.
Attack Chain: CVE-2021-26855 (SSRF) → CVE-2021-26857 (Deserialization) → CVE-2021-26858 (File Write) → CVE-2021-27065 (File Write)
Sources:
  • pocs_go/ms/CVE_2021_26855.go
  • pocs_go/ms/exchange/proxylogon.go
  • pocs_go/ms/exchange/chkproxyshell.go

CVE-2018-14847 - MikroTik RouterOS

Type: Directory Traversal
Affected Product: MikroTik RouterOS
Discovery Date: July 2018
Description: Directory traversal in MikroTik RouterOS web interface.
Source: pocs_go/ms/CVE_2018_14847.go

Fortinet

CVE-2018-13380 - FortiOS SSL VPN

Type: Path Traversal / Credential Disclosure
Affected Product: Fortinet FortiOS SSL VPN
Discovery Date: May 2019
CVSS Score: 9.8 (Critical)
Description: Path traversal vulnerability allows reading system files including plaintext VPN credentials.
Source: pocs_go/CVE-2018-13380.go

Open Management Infrastructure

CVE-2021-38647 - OMI RCE

Type: Remote Code Execution
Affected Product: Open Management Infrastructure (OMI)
Discovery Date: September 2021
CVSS Score: 9.8 (Critical)
Description: RCE in Microsoft's Open Management Infrastructure agent used in Azure.
Source: pocs_go/CVE-2021-38647.go

Zabbix

CVE-2022-23131 - Authentication Bypass

Type: Authentication Bypass
Affected Product: Zabbix
Discovery Date: January 2022
Description: Authentication bypass in Zabbix monitoring system.
Source: pocs_go/zabbix/CVE-2022-23131.go

Chinese Software Systems

scan4all also includes POCs for several software systems widely deployed in China:
System: Seeyon Office Automation | Location: pocs_go/seeyon/ | Description: Multiple vulnerabilities in Seeyon OA system
System: Tongda Office Automation | Location: pocs_go/tongda/ | Description: Multiple vulnerabilities in Tongda OA system
System: Landray EKP | CVE: Landray_RCE | Location: pocs_go/landray/Landray_RCE.go
System: Zentao Project Management | Location: pocs_go/zentao/
System: MCMS Content Management | Vulnerability: Front Desk SQL Injection | Location: pocs_go/mcms/Front_Desk_sqlinject.go
System: Sunlogin Remote Control | Location: pocs_go/sunlogin/

Usage

# Scan for all vulnerabilities
scan4all -h http://target.com

# Scan specific system
scan4all -h http://vcenter.example.com -poc vmware
scan4all -h http://confluence.example.com -poc confluence

# Test specific CVE
scan4all -h http://target.com -poc CVE-2021-22205

Source Code Structure

pocs_go/
├── VMware/vCenter/          # VMware vCenter vulnerabilities
├── confluence/              # Atlassian Confluence
├── gitlab/                  # GitLab vulnerabilities
├── f5/                      # F5 BIG-IP
├── ThinkPHP/                # ThinkPHP framework
├── fastjson/                # Fastjson library
├── jboss/                   # JBoss Application Server
├── phpunit/                 # PHPUnit testing framework
├── ms/                      # Microsoft products
│   └── exchange/           # Microsoft Exchange
├── seeyon/                  # Seeyon OA
├── tongda/                  # Tongda OA
├── landray/                 # Landray EKP
├── zentao/                  # Zentao PM
├── mcms/                    # MCMS
├── sunlogin/                # Sunlogin
├── zabbix/                  # Zabbix monitoring
├── spark/                   # Apache Spark
└── *.go                     # Root-level POCs

Mitigation General Guidelines

1. Keep Software Updated: Regularly update all software to the latest stable versions.
2. Network Segmentation: Isolate critical systems from the public internet.
3. Enable Authentication: Ensure all services require strong authentication.
4. Monitor Logs: Implement centralized logging and monitoring.
5. Security Assessments: Perform regular vulnerability assessments.
6. Incident Response: Have an incident response plan ready.

References

Many of these vulnerabilities are actively exploited in the wild. Ensure affected systems are patched immediately.