From e07fee79c7366f6d2ff73009c37c4b28caaebc35 Mon Sep 17 00:00:00 2001 From: j4vaovo <128683738+j4vaovo@users.noreply.github.com> Date: Sun, 2 Apr 2023 08:23:19 +0800 Subject: [PATCH 1/3] Fix CNVD-2017-03561.yaml --- cnvd/2017/CNVD-2017-03561.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cnvd/2017/CNVD-2017-03561.yaml b/cnvd/2017/CNVD-2017-03561.yaml index 07d2c130e6..b9deaaafe1 100644 --- a/cnvd/2017/CNVD-2017-03561.yaml +++ b/cnvd/2017/CNVD-2017-03561.yaml @@ -1,10 +1,10 @@ id: CNVD-2017-03561 info: - name: Panwei eMobile - OGNL Injection + name: Fanwei eMobile - OGNL Injection author: ritikchaddha severity: high - description: Panwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site. + description: Fanwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site. reference: - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md - https://reconshell.com/vulnerability-research-list/ @@ -14,8 +14,8 @@ info: tags: cnvd,cnvd2017,emobile,ognl,panwei variables: - num1: "9999" - num2: "5555" + num1: "233333" + num2: "333332" requests: - method: GET @@ -29,7 +29,7 @@ requests: - type: word part: body words: - - '55544445' + - '77777355556' - type: status status: From 6760735d6fd73c804d5256ca87cab7f58962e7a9 Mon Sep 17 00:00:00 2001 
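Review bot: The `description` on the new side of the first hunk still says an attacker can "inject arbitrary JavaScript", which describes client-side script injection rather than the OGNL issue named in `name` and in the first reference. OGNL is the Object-Graph Navigation Language, and the template's own matcher looks for the product of `num1` and `num2` in the response, so what a hit shows is server-side expression evaluation; a triager reading the current text could file it as a reflected-script finding and under-prioritise it. Suggested wording: `Fanwei eMobile evaluates attacker-supplied OGNL (Object-Graph Navigation Language) expressions on the server, which can lead to disclosure or modification of data and possibly to code execution in the application's context.` The same sentence is carried unchanged into the block scalar in patch 3/3.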
From: j4vaovo <128683738+j4vaovo@users.noreply.github.com> Date: Tue, 4 Apr 2023 11:04:20 +0800 Subject: [PATCH 2/3] Update CNVD-2017-03561.yaml --- cnvd/2017/CNVD-2017-03561.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cnvd/2017/CNVD-2017-03561.yaml b/cnvd/2017/CNVD-2017-03561.yaml index b9deaaafe1..38c9a5a139 100644 --- a/cnvd/2017/CNVD-2017-03561.yaml +++ b/cnvd/2017/CNVD-2017-03561.yaml @@ -11,7 +11,7 @@ info: metadata: verified: true fofa-query: app="泛微-eMobile" - tags: cnvd,cnvd2017,emobile,ognl,panwei + tags: cnvd,cnvd2017,emobile,ognl,fanwei variables: num1: "233333" From cb03a9ea7731b2ec9c560616e0d86f19d3848025 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 13 Apr 2023 23:34:03 +0530 Subject: [PATCH 3/3] updated variables and matcher --- cnvd/2017/CNVD-2017-03561.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/cnvd/2017/CNVD-2017-03561.yaml b/cnvd/2017/CNVD-2017-03561.yaml index 38c9a5a139..519a4bb975 100644 --- a/cnvd/2017/CNVD-2017-03561.yaml +++ b/cnvd/2017/CNVD-2017-03561.yaml 
@@ -4,7 +4,8 @@ info: name: Fanwei eMobile - OGNL Injection author: ritikchaddha severity: high - description: Fanwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site. + description: | + Fanwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site. reference: - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md - https://reconshell.com/vulnerability-research-list/ @@ -14,10 +15,11 @@ info: tags: cnvd,cnvd2017,emobile,ognl,fanwei variables: - num1: "233333" - num2: "333332" + num1: "{{rand_int(800000, 999999)}}" + num2: "{{rand_int(800000, 999999)}}" + result: "{{to_number(num1)*to_number(num2)}}" -requests: +http: - method: GET path: - "{{BaseURL}}/login.do?message={{num1}}*{{num2}}" @@ -29,7 +31,7 @@ requests: - type: word part: body words: - - '77777355556' + - "{{result}}" - type: status status:
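Review bot: The match in the second hunk now depends on `{{result}}` being rendered exactly as the target prints the product, and nothing in the `variables` block records that assumption. With both operands drawn from 800000–999999 the product is always a 12-digit value above the signed 32-bit range, so a target that wraps the multiplication or formats the number (grouping separators, exponent notation) would be reported as not vulnerable. It is also worth confirming that `to_number(num1)*to_number(num2)` serialises as a plain integer string rather than a float form. I would add a comment above `result`, e.g. `# expected server-side product of num1*num2; must appear in the body as a plain decimal integer`, and note there that a miss is not proof the host is patched. The same assumption applies to the `words` entry in the last hunk.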