daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update opensns-rce.yaml

patch-1
Prince Chaddha 2022-05-31 14:49:47 +05:30 committed by GitHub
parent 35e1863cda
commit 683b511766
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
vulnerabilities/other/opensns-rce.yaml
View File

@ -4,7 +4,8 @@ info:
name: OpenSNS - Remote Code Execution name: OpenSNS - Remote Code Execution
author: gy741 author: gy741
severity: critical severity: critical
description: OpenSNS allows remote unauthenticated attackers to execute arbitrary code via the 'shareBox' endpoint. description: |
OpenSNS allows remote unauthenticated attackers to execute arbitrary code via the 'shareBox' endpoint.
reference: reference:
- http://www.0dayhack.net/index.php/2417/ - http://www.0dayhack.net/index.php/2417/
- https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E - https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
@ -24,10 +25,10 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex
part: body
regex: regex:
- "((u|g)id=)" - "((u|g)id=)"
- "Microsoft Windows" - "Microsoft Windows"
part: body
condition: or condition: or
- type: word - type: word