nuclei-templates/http/vulnerabilities/apache/apache-nifi-rce.yaml

id: apache-nifi-rce

info:
  name: Apache NiFi  - Remote Code Execution
  author: arliya
  severity: critical
  description: |
    Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.
  reference:
    - https://github.com/imjdl/Apache-NiFi-Api-RCE
    - https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway
    - https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt
  metadata:
    verified: true
    max-request: 1
    shodan-query: "title:\"NiFi\""
  tags: packetstorm,apache,nifi,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}/nifi-api/process-groups/root"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "revision"
          - "canRead"
          - "permissions"
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

    extractors:
      - type: json
        json:
          - .id
# digest: 4b0a00483046022100823087d872f3a455924ecdc15097cdfee075237703e430052a76021a9dde5961022100a89d1b8d93adc5aa3081364ad7a0e725ef1c4a2c863d151b5331254588d3043a:922c64590222798bb761d5b6d8e72950
Create Apache NIFI API RCE (#6765) * Create Apache nifi API RCE * fix template * misc metadata update * Update apache-nifi-rce.yaml --------- Co-authored-by: arliya <armandhenewpy@gmail.com> Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-01-19 17:52:17 +00:00			`id: apache-nifi-rce`

			`info:`
			`name: Apache NiFi - Remote Code Execution`
			`author: arliya`
			`severity: critical`
			`description: \|`
			`Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.`
			`reference:`
			`- https://github.com/imjdl/Apache-NiFi-Api-RCE`
			`- https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway`
			`- https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt`
			`metadata:`
			`verified: true`
TemplateMan Update [Mon Jan 29 11:58:34 UTC 2024] :robot: 2024-01-29 11:58:34 +00:00			`max-request: 1`
			`shodan-query: "title:\"NiFi\""`
			`tags: packetstorm,apache,nifi,rce`
Create Apache NIFI API RCE (#6765) * Create Apache nifi API RCE * fix template * misc metadata update * Update apache-nifi-rce.yaml --------- Co-authored-by: arliya <armandhenewpy@gmail.com> Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-01-19 17:52:17 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/nifi-api/process-groups/root"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "revision"`
			`- "canRead"`
			`- "permissions"`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "application/json"`

			`- type: status`
			`status:`
			`- 200`

			`extractors:`
			`- type: json`
			`json:`
Auto Template Signing [Fri Jan 19 17:54:35 UTC 2024] :robot: 2024-01-19 17:54:35 +00:00			`- .id`
Auto Template Signing [Mon Jan 29 12:41:50 UTC 2024] :robot: 2024-01-29 12:41:50 +00:00			`# digest: 4b0a00483046022100823087d872f3a455924ecdc15097cdfee075237703e430052a76021a9dde5961022100a89d1b8d93adc5aa3081364ad7a0e725ef1c4a2c863d151b5331254588d3043a:922c64590222798bb761d5b6d8e72950`