daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated matcher

patch-11
Ritik Chaddha 2024-09-10 12:50:03 +04:00 committed by GitHub
parent 41bd76083d
commit 8b3e109c31
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
http/cnvd/2023/CNVD-C-2023-76801.yaml
View File

@ -4,10 +4,12 @@ info:
name: UFIDA NC uapjs - Remote Code Execution name: UFIDA NC uapjs - Remote Code Execution
author: SleepingBag945,s4e-io author: SleepingBag945,s4e-io
severity: critical severity: critical
description: There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks. description: |
There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks.
reference: reference:
- https://mp.weixin.qq.com/s/8ZRrmUCD2bfznd1MyDDU8A - https://mp.weixin.qq.com/s/8ZRrmUCD2bfznd1MyDDU8A
metadata: metadata:
verified: true
max-request: 2 max-request: 2
fofa-query: app="用友-NC-Cloud" fofa-query: app="用友-NC-Cloud"
tags: cnvd,cnvd2023,yonyou,rce,intrusive tags: cnvd,cnvd2023,yonyou,rce,intrusive
@ -29,6 +31,7 @@ http:
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- "len(body)==0"
- 'status_code == 200' - 'status_code == 200'
internal: true internal: true