nuclei-templates/cves/2020/CVE-2020-16846.yaml

id: CVE-2020-16846

info:
  name: SaltStack Shell Injection
  author: dwisiswant0
  severity: critical
  description: |
    SaltStack Salt through 3002. Sending crafted web requests to the Salt API,
    with the SSH client enabled, can result in shell injection.

    This template supports the detection part only. See references.
  reference: |
    - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag
    - https://github.com/vulhub/vulhub/tree/master/saltstack/CVE-2020-16846
  tags: cve,cve2020,saltstack

requests:
  - method: POST
    path:
      - "{{BaseURL}}/run"
    body: "token=1337&client=ssh&tgt=*&fun=a&roster=projectdiscovery&ssh_priv=nuclei"
    headers:
      Content-Type: application/x-www-form-urlencoded # CherryPy will abort w/o define this header
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 500
      - type: word
        words:
          - "application/json"
        part: header
      - type: word
        words:
          - "An unexpected error occurred"
        part: body