nuclei-templates/javascript/cves/2021/CVE-2021-35211.yaml

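# Banner-based version check for SolarWinds Serv-U (CVE-2021-35211).
# The template reads the SSH identification string and compares the advertised
# Serv-U build against the matcher's threshold; it sends no exploit traffic.
# A match means "advertises a build below the threshold", not "confirmed
# exploitable" - verify the installed build on the host before acting on it.
#
# NOTE(review): the trailing `# digest:` line was computed over the original
# template text. Any edit to this file, including this one, invalidates it, so
# the template must be re-signed before it is treated as verified.
id: CVE-2021-35211

info:
  name: SolarWinds Serv-U FTP - Remote Code Execution
  author: pussycat0x
  severity: critical
  description: |
    SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 contain a remote memory escape caused remote code execution vulnerability, letting attackers gain privileged access, exploit requires remote attacker to send crafted memory operations.
  impact: |
    Attackers can execute arbitrary code with high privileges on the affected system, potentially leading to full system compromise.
  remediation: |
    Update to version 15.2.3 HF2 or later.
  reference:
    - https://github.com/BishopFox/CVE-2021-35211
    - https://www.rapid7.com/db/vulnerabilities/solarwinds-serv-u-cve-2021-35211/
    - https://www.microsoft.com/en-us/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
  metadata:
    verified: true
    max-request: 1
    shodan-query: "SSH-2.0-Serv-U"
  tags: js,enum,ssh,misconfig,network,kev,vkev,passive

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      let m = require("nuclei/ssh");
      let c = m.SSHClient();
      let response = c.ConnectSSHInfoMode(Host, Port);
      // Convert response to string if it's an object
      let responseStr = typeof response === 'string' ? response : JSON.stringify(response);
      // Keep only the outermost {...} span so any surrounding text does not break JSON.parse
      let jsonStart = responseStr.indexOf('{');
      let jsonEnd = responseStr.lastIndexOf('}') + 1;
      let jsonString = responseStr.substring(jsonStart, jsonEnd);
      let result = JSON.parse(jsonString);
      // Only the raw server identification string is exported for matching
      Export(result.ServerID.Raw);
    args:
      Host: "{{Host}}"
      # Only the default SSH port is probed; a Serv-U SFTP listener moved to
      # another port is not checked by this template (false negative).
      Port: "22"

    matchers:
      - type: dsl
        dsl:
          - "success == true"
          - "contains(response, 'SSH-2.0-Serv-U')"
          - "compare_versions(version, ' < 15.2.3.742')"
        condition: and

    extractors:
      - type: regex
        name: version
        part: response
        group: 1
        regex:
          # Capture the full dotted version, including the optional fourth
          # (build) component, in group 1. The previous pattern left the build
          # number in group 2, so `version` was always three components and
          # every 15.2.3.x banner - fixed builds included - compared as
          # "< 15.2.3.742" and was reported as vulnerable.
          # A banner that advertises only three components still compares as
          # below the threshold; treat such a hit as unconfirmed.
          - 'SSH-2\.0-Serv-U_(\d+\.\d+\.\d+(?:\.\d+)?)'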
# digest: 4a0a0047304502201e5ee23e6c5699e78a87b8d7fcefa67856270a3479cb9eeb19f1f187dd59de4e0221008ecd31dd226bc02ed448d1e2ec4bd2f9fad94fc17737f9a9d3cb3cd57336f61e:922c64590222798bb761d5b6d8e72950