gunh0/kr-vulhub
Korean Vulhub (Korean edition)

The goal is to build vulnerable Docker environments, deepen understanding of each vulnerability, and learn security techniques through hands-on practice.

Following Vulhub (https://vulhub.org/), this project builds a variety of container-based vulnerable environments.


Table of Contents

  • ActiveMQ - Java-based open-source message broker
    • CVE-2016-3088 - ActiveMQ fileserver arbitrary file write → RCE
      • Contributor: @Roronoawjd | Risk Score: 9.8 (Reproducibility: 75%)
  • CouchDB - Erlang-based open-source document-oriented NoSQL database
    • CVE-2017-12635 - CouchDB remote privilege escalation via JSON parser inconsistency
      • Contributor: @jason1343 | Risk Score: 9.8 (Reproducibility: 70%)
  • Django - Python-based web framework
  • Express - Node.js web framework
    • CVE-2024-29041 - Express open redirect vulnerability
      • Contributor: @j93es | Risk Score: 6.1 (Reproducibility: 75%)
  • Elfinder - PHP-based web file manager
    • CVE-2021-32682 - Remote code execution via ZIP argument injection
      • Contributor: @Tjdmin1 | Risk Score: 9.8 (Reproducibility: 75%)
  • Flask - Lightweight Python web framework
    • SSTI - Server Side Template Injection
      • Contributor: @positiveWand | Risk Score: 9.0 (Reproducibility: 75%)
  • Gradio - Python library for ML model web interfaces
    • CVE-2023-51449 - Directory traversal in the /file endpoint
      • Contributor: @annseojin | Risk Score: 7.5 (Reproducibility: 80%)
  • GeoServer - Java-based open-source spatial data server
    • CVE-2023-25157 - GeoServer OGC filter SQL injection
      • Contributor: @djadydwls0720 | Risk Score: 9.8 (Reproducibility: 65%)
    • CVE-2023-25157 (2) - GeoServer OGC filter SQL injection
      • Contributor: @moooooji | Risk Score: 9.8 (Reproducibility: 60%)
  • HugeGraph - Apache open-source graph database
    • CVE-2024-43441 - Authentication bypass due to a hardcoded JWT secret key
      • Contributor: @HanTul | Risk Score: 9.8 (Reproducibility: 85%)
  • Librsvg - GNOME SVG rendering library
    • CVE-2023-38633 - librsvg xi:include directory traversal file read
      • Contributor: @EL55 | Risk Score: 7.5 (Reproducibility: 80%)
  • Libssh - SSHv2 protocol C library
    • CVE-2018-10933 - libssh server state machine authentication bypass
      • Contributor: @hhtboy | Risk Score: 9.8 (Reproducibility: 75%)
  • MongoExpress - Web-based admin interface for MongoDB
    • CVE-2019-10758 - mongo-express remote code execution
      • Contributor: @ilohas0021 | Risk Score: 9.8 (Reproducibility: 80%)
  • MySQL - Relational database
    • CVE-2012-2122 - MySQL Authentication Bypass
      • Contributor: @baethwjd2 | Risk Score: 7.0 (Reproducibility: 70%)
  • Next.js - React-based full-stack web framework
    • CVE-2025-29927 - Next.js middleware authorization bypass
      • Contributor: @idealinsane | Risk Score: 9.1 (Reproducibility: 85%)
  • Nginx - High-performance web server / reverse proxy
    • CVE-2017-7529 - Nginx Integer Overflow Vulnerability
      • Contributor: @c0dep1ayer | Risk Score: 7.5 (Reproducibility: 75%)
  • Node - JavaScript runtime
    • CVE-2017-14849 - Node.js path.normalize() directory traversal vulnerability
      • Contributor: @ssongk | Risk Score: 7.5 (Reproducibility: 75%)
    • CVE-2017-14849 (2) - Node.js path.normalize() directory traversal vulnerability
      • Contributor: @junwonheo | Risk Score: 7.5 (Reproducibility: 65%)
  • PHP - Server-side scripting language
    • CVE-2012-1823 - Remote code execution via php-cgi argument injection
      • Contributor: @kty121 | Risk Score: 9.8 (Reproducibility: 80%)
  • Python - Python runtime
    • CVE-2017-8291 - PIL (Pillow) Ghostscript EPS processing RCE
      • Contributor: @wjdgnsdl213 | Risk Score: 9.8 (Reproducibility: 75%)
  • Redis - In-memory key-value database
    • CVE-2022-0543 - Remote code execution via Lua sandbox escape
      • Contributor: @yeo0n | Risk Score: 10.0 (Reproducibility: 65%)
  • Spring - Java enterprise web framework
    • CVE-2022-22963 - Spring Cloud Function SpEL code injection
      • Contributor: @foskingson | Risk Score: 9.8 (Reproducibility: 75%)
    • CVE-2022-22965 - Spring Framework RCE via Data Binding (Spring4Shell)
      • Contributor: @ddddabi | Risk Score: 9.8 (Reproducibility: 70%)
    • CVE-2022-22978 - Spring Security Authorization Bypass in RegexRequestMatcher
      • Contributor: @sub0810 | Risk Score: 9.8 (Reproducibility: 80%)
  • Struts2 - Java-based MVC web framework
    • CVE-2018-11776 - Struts2 S2-057 URL mapping OGNL expression injection RCE
      • Contributor: @ye11oc4t | Risk Score: 8.1 (Reproducibility: 80%)
    • CVE-2019-0230 - Struts2 S2-059 OGNL expression injection RCE
      • Contributor: @hy30nq | Risk Score: 9.8 (Reproducibility: 80%)
  • Tiki Wiki - PHP-based open-source CMS / wiki
    • CVE-2020-15906 - TikiWiki CMS Authentication Bypass → RCE
      • Contributor: @haijun9 | Risk Score: 8.8 (Reproducibility: 60%)
  • Tomcat - Java-based open-source web application server
    • CVE-2020-1938 - Apache Tomcat AJP file read (Ghostcat)
      • Contributor: @mythofsummer | Risk Score: 9.8 (Reproducibility: 70%)

Report Evaluation

Each report is scored on two separate axes: the severity of the vulnerability itself and Report Reliability. Scores are recorded only after the Docker environment and the submitted PoC have been re-verified.

  • Reproducibility: how reliably the issue can be reproduced by following the submitted environment and PoC exactly as written, expressed from 0% to 100%. It is judged on the clarity of the environment setup, the vulnerable conditions, the reproduction steps, the PoC code, the execution results, and the remediation guidance.
  • Risk Score: rated CVSS-style from 0.0 to 10.0, based on whether authentication is required, remote exploitability, scope of impact, and the behaviour actually observed in the PoC and the Docker environment.

About

🐳 Building and verifying vulnerable environments with docker-compose (Korean edition of vulhub)