How to get all vulnerabilities in Xray 2.x

Hirofumi Iwashita
2021-08-22 06:36

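We do not publish the vulnerability list, but the vulnerabilities are stored in MongoDB.
Use the mongoexport command below to obtain the vulnerability list.

# mongoexport --db xray --username xray --password password --collection vulnerabilities --out export.json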
2020-07-03T02:24:04.505+0000 connected to: localhost
2020-07-03T02:24:05.506+0000 [........................] xray.vulnerabilities 0/75496 (0.0%)
2020-07-03T02:24:06.505+0000 [........................] xray.vulnerabilities 0/75496 (0.0%)
2020-07-03T02:24:07.505+0000 [##......................] xray.vulnerabilities 8000/75496 (10.6%)
2020-07-03T02:24:08.505+0000 [#####...................] xray.vulnerabilities 16000/75496 (21.2%)
2020-07-03T02:24:09.505+0000 [#####...................] xray.vulnerabilities 16000/75496 (21.2%)
2020-07-03T02:24:10.506+0000 [#####...................] xray.vulnerabilities 16000/75496 (21.2%)
2020-07-03T02:24:11.505+0000 [#######.................] xray.vulnerabilities 24000/75496 (31.8%)
2020-07-03T02:24:12.506+0000 [#######.................] xray.vulnerabilities 24000/75496 (31.8%)
2020-07-03T02:24:13.505+0000 [#######.................] xray.vulnerabilities 24000/75496 (31.8%)
2020-07-03T02:24:14.505+0000 [##########..............] xray.vulnerabilities 32000/75496 (42.4%)
2020-07-03T02:24:15.505+0000 [##########..............] xray.vulnerabilities 32000/75496 (42.4%)
2020-07-03T02:24:16.505+0000 [##########..............] xray.vulnerabilities 32000/75496 (42.4%)
2020-07-03T02:24:17.505+0000 [############............] xray.vulnerabilities 40000/75496 (53.0%)
2020-07-03T02:24:18.505+0000 [############............] xray.vulnerabilities 40000/75496 (53.0%)
2020-07-03T02:24:19.505+0000 [############............] xray.vulnerabilities 40000/75496 (53.0%)
2020-07-03T02:24:20.505+0000 [###############.........] xray.vulnerabilities 48000/75496 (63.6%)
2020-07-03T02:24:21.505+0000 [###############.........] xray.vulnerabilities 48000/75496 (63.6%)
2020-07-03T02:24:22.505+0000 [###############.........] xray.vulnerabilities 48000/75496 (63.6%)
2020-07-03T02:24:23.505+0000 [#################.......] xray.vulnerabilities 56000/75496 (74.2%)
2020-07-03T02:24:24.505+0000 [#################.......] xray.vulnerabilities 56000/75496 (74.2%)
2020-07-03T02:24:25.505+0000 [#################.......] xray.vulnerabilities 56000/75496 (74.2%)
2020-07-03T02:24:26.505+0000 [####################....] xray.vulnerabilities 64000/75496 (84.8%)
2020-07-03T02:24:27.505+0000 [####################....] xray.vulnerabilities 64000/75496 (84.8%)
2020-07-03T02:24:28.505+0000 [######################..] xray.vulnerabilities 72000/75496 (95.4%)
2020-07-03T02:24:29.184+0000 [########################] xray.vulnerabilities 75496/75496 (100.0%)
2020-07-03T02:24:29.184+0000 exported 75496 records
# head -1 export.json
{"_id":"XRAY-75648","package_type":"npm","type":"security","summary":"angucomplete-alt Package for Node.js Unspecified XSS","provider":"JFrog","description":"angucomplete-alt Package for Node.js contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the angucomplete-alt.js script does not properly sanitize input before returning it to users. This may allow an attacker to create a specially crafted request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server.","severity":5.0,"created":{"$date":"2019-02-24T16:30:51.655Z"},"cf":[{}],"sources":[{"name":"VulnDB","source_id":"198050","url":"https://vulndb.cyberriskanalytics.com/vulnerabilities/198050"}],"components":[{"id":"angucomplete-alt","vulnerable_versions":["[3.0.0]"],"fixed_versions":[]}],"references":["https://github.com/ghiden/angucomplete-alt/pull/525","https://github.com/ghiden/angucomplete-alt/commit/3d939396822df36b3d53bcb54134ff829af76598","https://github.com/ghiden/angucomplete-alt/commit/f814c417a31cfc44605c57e28fa88ebcd6317938"],"ignored":false,"modified":{"$date":"2020-06-01T06:57:15.564Z"},"edited":{"$date":"2020-07-03T01:31:56.039Z"}}
#
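
Once export.json exists, it can be queried offline. The following is an added example, not JFrog's code: it reads the export one JSON document per line, as `head -1` shows above, and assumes the field names of the record on this page (`severity`, `components`, `fixed_versions`). The sample lines are constructed, and the second record is invented.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of export.json (one JSON document per line).
# Line 1 is abridged from the record shown on this page; line 3 is invented.
SAMPLE_EXPORT = (
    '{"_id":"XRAY-75648","package_type":"npm","severity":5.0,'
    '"created":{"$date":"2019-02-24T16:30:51.655Z"},'
    '"components":[{"id":"angucomplete-alt","vulnerable_versions":["[3.0.0]"],"fixed_versions":[]}]}\n'
    '\n'
    '{"_id":"XRAY-EXAMPLE-1","package_type":"maven","severity":9.0,'
    '"created":{"$date":"2020-01-01T00:00:00.000Z"},'
    '"components":[{"id":"com.example:demo","vulnerable_versions":["[1.0,1.2)"],"fixed_versions":["1.2"]}]}\n'
)

def _decode(obj):
    """Turn the {"$date": "..."} wrapper seen in the export into a datetime."""
    if set(obj) == {"$date"} and isinstance(obj["$date"], str):
        return datetime.fromisoformat(obj["$date"].replace("Z", "+00:00"))
    return obj

def parse_export(lines):
    """Yield one dict per non-empty line; report the line number on bad JSON."""
    for lineno, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            yield json.loads(line, object_hook=_decode)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: {exc}") from exc

def affecting(records, component_id, min_severity=0.0):
    """Return IDs of records that list component_id at or above min_severity."""
    return [r["_id"] for r in records
            if r.get("severity", 0) >= min_severity
            and any(c.get("id") == component_id for c in r.get("components", []))]

def unfixed_by_type(records):
    """Count, per package_type, records where no component has a fixed version."""
    return Counter(r.get("package_type", "unknown") for r in records
                   if not any(c.get("fixed_versions") for c in r.get("components", [])))

if __name__ == "__main__":
    records = list(parse_export(SAMPLE_EXPORT.splitlines()))
    print(affecting(records, "angucomplete-alt", min_severity=4.0))
    print(unfixed_by_type(records))
```

For the real file, pass an open file handle instead of the sample: `parse_export(open("export.json", encoding="utf-8"))`.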

If you want to find a specific vulnerability, you can also use the mongo command as shown below.

# mongo xray --username xray --password password
MongoDB shell version: 3.2.6
connecting to: xray
> db.vulnerabilities.find({_id:"XRAY-75648"})
{"_id": "XRAY-75648", "package_type": "npm", "type": "security", "summary": "angucomplete-alt Package for Node.js Unspecified XSS", "provider": "JFrog", "description": "angucomplete-alt Package for Node.js contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the angucomplete-alt.js script does not properly sanitize input before returning it to users. This may allow an attacker to create a specially crafted request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server.", "severity": 5, "created": ISODate("2019-02-24T16:30:51.655Z"), "cf": [{}], "sources": [{"name": "VulnDB", "source_id": "198050", "url": "https://vulndb.cyberriskanalytics.com/vulnerabilities/198050"}], "components": [{"id": "angucomplete-alt", "vulnerable_versions": ["[3.0.0]"], "fixed_versions": []}], "references": ["https://github.com/ghiden/angucomplete-alt/pull/525", "https://github.com/ghiden/angucomplete-alt/commit/3d939396822df36b3d53bcb54134ff829af76598", "https://github.com/ghiden/angucomplete-alt/commit/f814c417a31cfc44605c57e28fa88ebcd6317938"], "ignored": false, "modified": ISODate("2020-06-01T06:57:15.564Z"), "edited": ISODate("2020-07-03T01:31:56.039Z")}
>