daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rce via java deserialization

patch-1
uhnysh 2020-07-24 14:45:31 +05:30 committed by GitHub
parent 211ddcc575
commit 41f25f0fc2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
vulnerabilities/RCE-via-java-deserialization.yaml Normal file
View File

@ -0,0 +1,18 @@
info:
name: Java Deserialization [RCE]
author: uhnysh
severity: critical
requests:
- method: GET
path:
- "{{BaseURL}}/josso/%5C../invoker/EJBInvokerServlet/"
- "{{BaseURL}}/josso/%5C../invoker/JMXInvokerServlet/"
- "{{BaseURL}}/invoker/JMXInvokerServlet/"
- "{{BaseURL}}/invoker/EJBInvokerServlet/"
matchers:
- type: word
words:
- "org.jboss.invocation.MarshalledValue"
- "java.lang"
condition: or