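# Detection template: flags a host whose Apache Shiro rememberMe handling appears to
# accept a cookie built with one of the publicly known cipher keys in the wordlist.
# A match means the rememberMe key should be treated as compromised.
id: shiro-deserialization-detection

info:
  name: Shiro <= 1.2.4 Deserialization Detection
  author: hotpot,j4vaovo
  # Left as authored; triage a match according to the exposure of the affected host.
  severity: unknown
  description: |
    This template is designed to detect the Shiro framework's default key vulnerabilities. It leverages 51 built-in Shiro keys to probe for potential vulnerabilities.
  remediation: |
    Upgrade Apache Shiro to a release newer than 1.2.4 and configure a unique, randomly generated rememberMe cipher key. Replace any key that appears in public key lists.
  reference:
    - https://github.com/sv3nbeast/ShiroScan
  metadata:
    # Presumably 2 raw requests per wordlist entry x the 51 keys named in the description.
    max-request: 102
  tags: shiro,deserialization,rce,apache

http:
  - raw:
      # Request 1 (baseline): a deliberately invalid rememberMe value. The first matcher
      # expects the response to reset the cookie (rememberMe= / =deleteMe in Set-Cookie),
      # which fingerprints Shiro-style rememberMe handling.
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Cookie: JSESSIONID={{randstr}};rememberMe=123;
      # Request 2 (probe): rememberMe is taken from the wordlist. Presumably each entry is
      # a cookie value prepared under one known key (the file name suggests this); confirm
      # against the wordlist itself.
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Cookie: JSESSIONID={{randstr}};rememberMe={{key}};

    payloads:
      key: helpers/wordlists/shiro_encrypted_keys.txt

    # Stop probing a host as soon as one wordlist entry matches.
    stop-at-first-match: true

    # Both matchers below must hold: the Shiro signal AND the absence of a WAF block page.
    matchers-condition: and
    matchers:
      # Shiro signal: response 1 resets the cookie, response 2 does not. A response 2 with
      # no reset is read as "the cookie decrypted", i.e. the key is in use.
      # NOTE(review): any response 2 that lacks these headers for another reason (error
      # page, rate limit, an unlisted WAF) also satisfies the second expression, so
      # confirm a match manually before acting on it.
      - type: dsl
        dsl:
          - 'contains(header_1, "Set-Cookie") && (contains(header_1, "rememberMe=") || contains(header_1, "=deleteMe"))'
          - '!contains(header_2, "rememberMe=") && !contains(header_2, "=deleteMe")'
        condition: and

      # WAF Block Page: drop the match when response 2 is a known block page, because a
      # blocked request carries no cookie reset and would otherwise be a false positive.
      # The strings are matched byte-for-byte. Roughly translated:
      #   1) "This access is suspected to be a hacker attack and has been blocked and
      #      logged by the site administrator"
      #   2) "Sorry, the URL you accessed may pose a security threat to the website, so
      #      your access has been blocked"
      - type: dsl
        dsl:
          - '!contains(body_2, "<p>当前访问疑似黑客攻击,已被网站管理员设置拦截并记录</p>")'
          - '!contains(body_2, "很抱歉, 由于您访问的URL有可能对网站造成安全威胁, 您的访问被阻断")'
        condition: and

# NOTE(review): the trailing "# digest:" line is a signature over this template's content;
# it presumably has to be regenerated after any edit to the lines above.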
# digest: 4a0a00473045022100d31e9314ce77be5a00ae9fa4bb30686fef3506b2d8008154e0ac30c99c7ba0f502201170dc3d229d2e3770bd9b734ce65414d1ef189b2518dec525a60f636a17e152:922c64590222798bb761d5b6d8e72950