nuclei-templates/vulnerabilities/other/rce-via-java-deserializatio...

24 lines
751 B
YAML

id: rce-via-java-deserialization
info:
name: Java Deserialization [RCE]
author: uhnysh
severity: critical
tags: java,rce
reference: https://www.synopsys.com/blogs/software-security/mitigate-java-deserialization-vulnerability-jboss/
# This can only be used to detect the vuln, please make sure to run ysoserial over the URLs to verify.
requests:
- method: GET
path:
- "{{BaseURL}}/josso/%5C../invoker/EJBInvokerServlet/"
- "{{BaseURL}}/josso/%5C../invoker/JMXInvokerServlet/"
- "{{BaseURL}}/invoker/JMXInvokerServlet/"
- "{{BaseURL}}/invoker/EJBInvokerServlet/"
matchers:
- type: word
words:
- "org.jboss.invocation.MarshalledValue"
- "java.lang"
condition: and