balada-injector-malware: Balada Injector Malware - Detect

Date: 2025-08-01 | Affected software: balada-injector-malware | PoC: public

Vulnerability description

Checks websites for Balada Injector malware.

PoC code [public]

id: balada-injector-malware

info:
  name: Balada Injector Malware - Detect
  author: kazet
  severity: high
  description: |
    Checks websites for Balada Injector malware.
  reference:
    - https://blog.sucuri.net/2024/01/thousands-of-sites-with-popup-builder-compromised-by-balada-injector.html
  metadata:
    max-request: 1
  tags: malware,balada,misc,miscellaneous,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - '(?mi)sgpbWillOpen", *function\(e\) *{if *\(e[.]detail[.]popupId.{0,100}eval.{0,100}atob'

      - type: word
        part: header
        words:
          - "text/html"
# digest: 4b0a00483046022100a77b71f00bb7ebb8009968ee03ac927bb8d4228c24702ae4de3b0eecef52f686022100d15a0f63dfc236410d9284ea70114a2cdf6382080fee62a1e0a10adcd3244c6a:922c64590222798bb761d5b6d8e72950
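To show what the two matchers above actually decide, here is an added Python example (not part of the nuclei template or of the author's code) that applies the template's body regex and the `text/html` header check, combined with `matchers-condition: and`, to constructed HTTP responses. The sample pages, header dictionaries and the base64 string inside `atob(...)` are all made up for the test; the regex is copied verbatim from the template. One caveat worth knowing: `.{0,100}` in the pattern does not cross a line break, so the injected handler is only detected when it sits on one line, which is how the minified injection is described.

```python
import re

# Detection regex taken verbatim from the nuclei template above.
# (?m) = multiline, (?i) = case-insensitive. `{if` is a literal brace here
# because it does not form a valid {m,n} quantifier.
BALADA_REGEX = re.compile(
    r'(?mi)sgpbWillOpen", *function\(e\) *{if *\(e[.]detail[.]popupId.{0,100}eval.{0,100}atob'
)


def is_html(headers):
    """Second matcher: the response must identify itself as text/html.

    The template looks for the word anywhere in the raw header block; here we
    check the Content-Type value, header name case-insensitive.
    """
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    return "text/html" in ctype.lower()


def scan_response(headers, body):
    """Apply both matchers with matchers-condition: and.

    Returns the matched snippet (useful in a finding report) or None.
    """
    if not is_html(headers):
        return None
    m = BALADA_REGEX.search(body)
    return m.group(0) if m else None


# --- Constructed sample responses (not captured from any real site) ---

# A Popup Builder "sgpbWillOpen" handler with an injected eval(atob(...)) stage.
# The base64 argument is a placeholder ("PLACEHOLDER"), not a real payload.
INFECTED_HTML = (
    '<html><body><script>'
    'jQuery(document).on("sgpbWillOpen", function(e) {if (e.detail.popupId == 1) '
    '{ eval(atob("UExBQ0VIT0xERVI=")); }});'
    '</script></body></html>'
)

# A legitimate Popup Builder handler: same event name, no eval/atob stage,
# so the regex must not fire on it.
CLEAN_HTML = (
    '<html><body><script>'
    'jQuery(document).on("sgpbWillOpen", function(e) {if (e.detail.popupId == 1) '
    '{ console.log("popup opened"); }});'
    '</script></body></html>'
)

HTML_HEADERS = {"Content-Type": "text/html; charset=UTF-8"}
JSON_HEADERS = {"Content-Type": "application/json"}


if __name__ == "__main__":
    for label, hdrs, body in [
        ("infected html", HTML_HEADERS, INFECTED_HTML),
        ("clean html", HTML_HEADERS, CLEAN_HTML),
        ("infected body, non-html", JSON_HEADERS, INFECTED_HTML),
    ]:
        hit = scan_response(hdrs, body)
        print(f"{label:25s} -> {'MATCH: ' + hit if hit else 'no match'}")
```

The third sample (an injected body served with a non-HTML Content-Type) is what the `and` condition filters out; if you port this check into your own scanner and want to flag such cases too, drop the header test rather than the regex.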