daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update clamav-unauth.yaml

patch-1
Prince Chaddha 2022-10-25 17:31:33 +05:30 committed by GitHub
parent a7e3ec1059
commit 31388710e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
network/clamav-unauth.yaml
View File

@ -8,6 +8,9 @@ info:
ClamAV server 0.99.2, and possibly other previous versions, allow the execution ClamAV server 0.99.2, and possibly other previous versions, allow the execution
of dangerous service commands without authentication. Specifically, the command 'SCAN' of dangerous service commands without authentication. Specifically, the command 'SCAN'
may be used to list system files and the command 'SHUTDOWN' shut downs the service. may be used to list system files and the command 'SHUTDOWN' shut downs the service.
metadata:
verified: true
shodan-query: 'port:3310 product:"ClamAV" version:"0.99.2"'
reference: reference:
- https://seclists.org/nmap-dev/2016/q2/201 - https://seclists.org/nmap-dev/2016/q2/201
- https://bugzilla.clamav.net/show_bug.cgi?id=11585 - https://bugzilla.clamav.net/show_bug.cgi?id=11585
@ -20,7 +23,10 @@ network:
- "{{Hostname}}" - "{{Hostname}}"
- "{{Host}}:3310" - "{{Host}}:3310"
read-size: 48 read-size: 48
matchers: matchers:
- type: word - type: word
words: words:
- "No such file" - "No such"
- "lstat() failed"
condition: and