47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
id: apache-nifi-rce
|
|
|
|
info:
|
|
name: Apache NiFi - Remote Code Execution
|
|
author: arliya
|
|
severity: critical
|
|
description: |
|
|
Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.
|
|
reference:
|
|
- https://github.com/imjdl/Apache-NiFi-Api-RCE
|
|
- https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway
|
|
- https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: "title:\"NiFi\""
|
|
tags: packetstorm,apache,nifi,rce
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/nifi-api/process-groups/root"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "revision"
|
|
- "canRead"
|
|
- "permissions"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "application/json"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: json
|
|
json:
|
|
- .id
|
|
# digest: 4b0a00483046022100823087d872f3a455924ecdc15097cdfee075237703e430052a76021a9dde5961022100a89d1b8d93adc5aa3081364ad7a0e725ef1c4a2c863d151b5331254588d3043a:922c64590222798bb761d5b6d8e72950 |