daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update metersphere-plugin-rce.yaml

patch-1
Prince Chaddha 2022-05-31 14:33:16 +05:30 committed by GitHub
parent 236a91ffd6
commit 66fe14e8a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
vulnerabilities/metersphere/metersphere-plugin-rce.yaml
View File

@ -4,7 +4,8 @@ info:
name: MeterSphere - Remote Code Execution
author: pdteam,y4er
severity: critical
description: MeterSphere is susceptible to remote code execution.
description: |
MeterSphere is susceptible to remote code execution.
reference:
- https://y4er.com/post/metersphere-plugincontroller-pre-auth-rce/
- https://github.com/metersphere/metersphere
@ -46,6 +47,7 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"data":'
- '"success":true'