add apache-nifi-unauth

vulnerabilities/apache-nifi-unauth.yaml

@@ -0,0 +1,35 @@
+id: apache-nifi-unauth
+
+info:
+  name: Apache-NIFI-Unauth
+  author: pwnhxl
+  severity: high
+  description: Apache-NIFI-Unauth.
+  reference:
+    - https://github.com/jm0x0/apache_nifi_processor_rce
+  metadata:
+    verified: "true"
+    fofa-query: title="nifi" && body="Did you mean"
+  tags: apache,nifi,unauth
+
+requests:
+  - raw:
+      - |
+        GET /nifi-api/access/config HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '{"config":{"supportsLogin":false}}'
+
+      - type: word
+        part: header
+        words:
+          - 'application/json'
+
+      - type: status
+        status:
+          - 200