nuclei-templates/network/misconfig/clamav-unauth.yaml

34 lines
1.1 KiB
YAML
Raw Normal View History

2022-10-24 00:51:53 +00:00
id: clamav-unauth
info:
name: ClamAV Server - Unauthenticated Access
author: dwisiswant0
severity: high
description: |
ClamAV server 0.99.2, and possibly other previous versions, allow the execution
of dangerous service commands without authentication. Specifically, the command 'SCAN'
may be used to list system files and the command 'SHUTDOWN' shut downs the service.
reference:
- https://seclists.org/nmap-dev/2016/q2/201
- https://bugzilla.clamav.net/show_bug.cgi?id=11585
metadata:
max-request: 1
shodan-query: port:3310 product:"ClamAV" version:"0.99.2"
verified: true
tags: network,clamav,unauth,seclists,misconfig
tcp:
2022-10-24 00:51:53 +00:00
- inputs:
- data: "SCAN /nonexistent/{{to_lower(rand_text_alpha(10))}}\r\n"
host:
- "{{Hostname}}"
2023-09-16 19:35:21 +00:00
port: 3310
2022-10-24 00:51:53 +00:00
read-size: 48
2022-10-25 12:01:33 +00:00
2022-10-24 00:51:53 +00:00
matchers:
- type: word
words:
2022-10-25 12:01:33 +00:00
- "No such"
- "lstat() failed"
condition: and
# digest: 490a004630440220202b3af5fe34ce64c7c4a8228e6eeb7242f75d833d789eab5848ccfb2102c65002200d52bc1ab847095e422b726429178e8a62349b0cfe5cf0843b2d43deac68291a:922c64590222798bb761d5b6d8e72950