nuclei-templates/http/vulnerabilities/other/antsword-backdoor.yaml

37 lines
1.0 KiB
YAML
Raw Normal View History

2022-01-31 20:09:46 +00:00
id: antsword-backdoor
info:
name: AntSword Backdoor Detection
2022-01-31 20:09:46 +00:00
author: ffffffff0x
severity: critical
description: An AntSword application backdoor shell was discovered.
reference:
- https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9
Dashboard Content Enhancement (#4020) * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing * Remove empty cve lines and relocate tags * Remove blank cve lines & move tags * Fix merge errors * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-2551.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Syntax cleanup * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Syntax and a title change * Enhancement: cves/2021/CVE-2021-38702.yaml by mp * Fix references * Enhancement: cves/2021/CVE-2021-38704.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-44529.yaml by mp * Conflicts resolved * Fix quoting * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-23779.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp * Enhancement: default-logins/emqx/emqx-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Update CVE-2020-25223.yaml * Update CVE-2020-26214.yaml * Update CVE-2020-25506.yaml * Update CVE-2020-2551.yaml * Update CVE-2020-26919.yaml * Update CVE-2021-44529.yaml * Update CVE-2020-28871.yaml * Update CVE-2020-28188.yaml * Update CVE-2021-45967.yaml * Update hue-default-credential.yaml * Update CVE-2021-44529.yaml * misc syntax update * Syntax restore some characters * Spacing * Enhancement: vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml by mp * Enhancement: vulnerabilities/wordpress/issuu-panel-lfi.yaml by mp * Enhancement: cves/2019/CVE-2019-10068.yaml by mp * Enhancement: cves/2019/CVE-2019-10232.yaml by mp * Enhancement: cves/2019/CVE-2019-10758.yaml by mp * Enhancement: cves/2019/CVE-2019-11510.yaml by mp * Enhancement: cves/2019/CVE-2019-11580.yaml by mp * Enhancement: cves/2019/CVE-2019-11581.yaml by mp * Enhancement: cves/2019/CVE-2019-12314.yaml by mp * Enhancement: cves/2019/CVE-2019-13101.yaml by mp * Link wrapping issue * Enhancement: cves/2019/CVE-2019-13462.yaml by mp * Enhancement: cves/2019/CVE-2019-15107.yaml by mp * Enhancement: cves/2019/CVE-2019-15859.yaml by mp * Enhancement: cves/2019/CVE-2019-16759.yaml by mp * Enhancement: cves/2019/CVE-2019-16662.yaml by mp * Enhancement: cves/2019/CVE-2019-16278.yaml by mp * Enhancement: cves/2019/CVE-2019-10232.yaml by mp * Enhancement: cves/2019/CVE-2019-10758.yaml by mp * Enhancement: cves/2019/CVE-2019-11510.yaml by mp * Enhancement: cves/2019/CVE-2019-12725.yaml by mp * Enhancement: cves/2019/CVE-2019-13101.yaml by mp * Enhancement: cves/2019/CVE-2019-15107.yaml by mp * Enhancement: cves/2019/CVE-2019-15859.yaml by mp * Enhancement: cves/2019/CVE-2019-16662.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-10543.yaml by cs * Enhancement: cves/2021/CVE-2021-33807.yaml by mp * Enhancement: cves/2010/CVE-2010-0943.yaml by mp * Enhancement: cves/2008/CVE-2008-6172.yaml by mp * Enhancement: vulnerabilities/simplecrm/simple-crm-sql-injection.yaml by mp * Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp * Enhancement: cves/2010/CVE-2010-1602.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: network/cisco-smi-exposure.yaml by mp * Enhancement: cves/2021/CVE-2021-37704.yaml by mp * Enhancement: vulnerabilities/other/microweber-xss.yaml by mp * Enhancement: cves/2019/CVE-2019-16313.yaml by mp * Enhancement: cves/2021/CVE-2021-3017.yaml by mp * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-5278.yaml by mp * Enhancement: cves/2021/CVE-2021-37573.yaml by mp * Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp * Enhancement: cves/2010/CVE-2010-1602.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: vulnerabilities/other/microweber-xss.yaml by mp * Enhancement: cves/2018/CVE-2018-11709.yaml by mp * Enhancement: cves/2014/CVE-2014-2321.yaml by mp * Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp * Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp * Manual enhancement * Manual enhancement push due to dashboard failure * Testing of dashboard accidentally commited to dashboard branch * Spacing Put some CVEs in the classification * Add missing cve-id fields to templates in cve/ Co-authored-by: sullo <sullo@cirt.net> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-04-01 08:51:42 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-553
remediation: Reinstall AnstSword on a new system due to the target system's compromise. Follow best practices for securing PHP servers/applications via the php.ini and other mechanisms.
tags: backdoor,antsword
metadata:
max-request: 1
2022-01-31 20:09:46 +00:00
http:
2022-01-31 20:09:46 +00:00
- method: POST
path:
- "{{BaseURL}}/.antproxy.php"
headers:
Content-Type: application/x-www-form-urlencoded
2022-01-31 20:22:39 +00:00
body: 'ant=echo md5("antproxy.php");'
2022-01-31 20:09:46 +00:00
matchers-condition: and
matchers:
- type: word
2022-01-31 20:22:39 +00:00
part: body
2022-01-31 20:09:46 +00:00
words:
2022-01-31 20:22:39 +00:00
- "951d11e51392117311602d0c25435d7f"
2022-01-31 20:09:46 +00:00
- type: status
status:
- 200