id: apache-nifi-rce

info:
  name: Apache NiFi  - Remote Code Execution
  author: arliya
  severity: critical
  description: |
    Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.
  reference:
    - https://github.com/imjdl/Apache-NiFi-Api-RCE
    - https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway
    - https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt
  metadata:
    verified: true
    max-request: 1
    shodan-query: "title:\"NiFi\""
  tags: packetstorm,apache,nifi,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}/nifi-api/process-groups/root"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "revision"
          - "canRead"
          - "permissions"
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

    extractors:
      - type: json
        json:
          - .id
# digest: 4b0a00483046022100823087d872f3a455924ecdc15097cdfee075237703e430052a76021a9dde5961022100a89d1b8d93adc5aa3081364ad7a0e725ef1c4a2c863d151b5331254588d3043a:922c64590222798bb761d5b6d8e72950