Update lotuscms-rce.yaml

patch-1
Prince Chaddha 2022-05-31 14:26:43 +05:30 committed by GitHub
parent 59a7391451
commit 59f524e539
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions

@ -4,7 +4,8 @@ info:
name: LotusCMS 3.0 - Remote Code Execution
author: pikpikcu
severity: critical
description: LotusCMS 3.0 is susceptible to remote code execution via the Router () function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call and allow remote code execution.
description: |
LotusCMS 3.0 is susceptible to remote code execution via the Router () function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call and allow remote code execution.
reference:
- https://github.com/Hood3dRob1n/LotusCMS-Exploit
classification:
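Review bot: the description text carried into the new `description: |` block still reads "Router () function" and "a eval call". Since this line is being rewritten anyway, tighten it to "Router() function" and "an eval call" so the template's description is clean when it appears in scan output.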
@ -28,9 +29,9 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "38ee63071a04dc5e04ed22624c38e648"
part: body
- type: status
status:
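Review bot: the word matcher depends on the opaque 32-character hex string "38ee63071a04dc5e04ed22624c38e648", and nothing in the visible lines says what produces it. Add a short YAML comment above the `words:` entry stating which expression in the request payload yields this value, so the expected response can be verified and false positives are easier to triage. Moving `part: body` below `words:` is a key-order change only and does not alter how the matcher evaluates under `matchers-condition: and`.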