nuclei-templates

Commit Graph

Author	SHA1	Message	Date
forgedhallpass	f55d6b75e1	Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84	2021-08-19 16:59:12 +03:00
sandeep	ebf1653d65	Update CVE-2021-36380.yaml	2021-08-02 01:33:10 +05:30
GwanYeong Kim	0678e7d233	Create CVE-2021-36380.yaml The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>	2021-08-01 03:10:49 +09:00

Author

SHA1

Message

Date

forgedhallpass

f55d6b75e1

Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string

Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84

2021-08-19 16:59:12 +03:00

sandeep

ebf1653d65

Update CVE-2021-36380.yaml

2021-08-02 01:33:10 +05:30

GwanYeong Kim

0678e7d233

Create CVE-2021-36380.yaml

The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

2021-08-01 03:10:49 +09:00

3 Commits (cf4ef2ac5a780c6150041de503f4c79650145ca6)