Add JSP payload for Reflective RCE #127
Conversation
validation_type: VALIDATION_REGEX | ||
validation_regex: (?s).*TSUNAMI_PAYLOAD_START$TSUNAMI_PAYLOAD_TOKEN_RANDOMTSUNAMI_PAYLOAD_END.* | ||
vulnerability_type: | ||
- REFLECTIVE_RCE |
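Review bot: the `validation_regex` only works if `$TSUNAMI_PAYLOAD_TOKEN_RANDOM` is substituted with the per-scan random token before the pattern is compiled; left literal, the `$` is read as an end-of-input anchor and the pattern can never match a real response, so confirm the placeholder spelling is identical to the one used by the existing payload entries. Because the pattern is `(?s).*` followed by the three markers and another `.*`, with no other constraint, any response that echoes `TSUNAMI_PAYLOAD_START`, the token and `TSUNAMI_PAYLOAD_END` contiguously validates; that is the intended behaviour only while the token is fresh per scan, so the `(?s)` flag is needed (response bodies contain newlines) but the token randomization is what keeps the check from firing on a static page.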
nit: add a terminating newline at the end of the file.
Thanks, newline added.
Once this PR is merged, could you rebase google/tsunami-security-scanner-plugins#566?
Is this related to the fact that the detector uses the newly added JSP payload config in the scanner?
Currently the build file of the detector picks up the latest published version of the scanner. This leads to failed builds, since the last published version does not have the JSP payload config.
To sync up the detector with the newly added JSP config in the scanner, I believe it is necessary either to create a new release in the official repo (this one), or to create a local build of the scanner and change the build file to point to the local version.
-- ce33b31 by LeonardoE95 <[email protected]>:
Add JSP payload for Reflective RCE
-- 4b6b849 by LeonardoE95 <[email protected]>:
Fix: Add newline
COPYBARA_INTEGRATE_REVIEW=#127 from mindedsecurity:master 4b6b849
PiperOrigin-RevId: 705246572
Change-Id: I1661382d3a82855365bc8d253598dd2757a078e0
This has been merged as commit: 6f0a8dc
Hi there,
while developing the detector for CVE-2017-12617, an RCE vulnerability in Apache Tomcat that works by uploading a JSP file, I saw there was no JSP payload supported.
This PR adds to the payloads definition a simple JSP payload for reflective RCE. Specifically, the new payload prints a string following the structure of similar payloads already existing in the code.
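As an added illustration (not code from this PR or from Tsunami itself), the following Python mirrors what the `VALIDATION_REGEX` entry for this payload has to do at scan time: take the regex template from the payload definition, substitute a per-scan random token for the `$TSUNAMI_PAYLOAD_TOKEN_RANDOM` placeholder, compile it, and check whether a response body echoes the markers. The template string is copied from the PR; the sample HTTP body, the token generator and every function name are constructed for this example, and the assumption that substitution happens by plain string replacement before the pattern is compiled is mine, not a description of the scanner's Java internals. It also shows the two failure modes a reviewer cares about: a response carrying a stale or foreign token, and a template compiled without substitution.

```python
import re
import secrets

# Regex template as it appears in the PR's payload definition (copied verbatim).
# "$TSUNAMI_PAYLOAD_TOKEN_RANDOM" is the scanner's placeholder for a per-scan
# random token; this example assumes it is replaced before compilation.
VALIDATION_REGEX_TEMPLATE = (
    r"(?s).*TSUNAMI_PAYLOAD_START$TSUNAMI_PAYLOAD_TOKEN_RANDOMTSUNAMI_PAYLOAD_END.*"
)
TOKEN_PLACEHOLDER = "$TSUNAMI_PAYLOAD_TOKEN_RANDOM"  # constructed name for the placeholder


def new_token(nbytes: int = 16) -> str:
    """Per-scan random token. Hex keeps it free of regex metacharacters."""
    return secrets.token_hex(nbytes)


def compile_validator(token: str) -> re.Pattern:
    """Substitute the token into the template, then compile it.

    Plain str.replace is used on purpose: running the template through re.sub
    would let the '$' in the placeholder be read as an end-of-input anchor.
    re.escape guards against a token that ever contains metacharacters.
    """
    pattern = VALIDATION_REGEX_TEMPLATE.replace(TOKEN_PLACEHOLDER, re.escape(token))
    return re.compile(pattern)


def is_reflected(response_body: str, token: str) -> bool:
    """True only when the body echoes START + this scan's token + END contiguously.

    fullmatch mirrors Java's Matcher.matches(); the leading/trailing '.*' plus
    the (?s) flag let the markers sit anywhere in a multi-line HTML body.
    """
    return compile_validator(token).fullmatch(response_body) is not None


def unsubstituted_template_matches(response_body: str) -> bool:
    """Failure mode: compile the template with the placeholder left literal.

    '$' then means end of input, and the characters required after it can
    never follow the end of the string, so this returns False for every body.
    """
    return re.compile(VALIDATION_REGEX_TEMPLATE).fullmatch(response_body) is not None


def build_sample_response(token: str, echoed: bool = True) -> str:
    """Constructed stand-in for the HTML a server page would return.

    With echoed=True the markers wrap the token; with echoed=False the markers
    are present but empty, which must NOT validate.
    """
    payload_echo = (
        f"TSUNAMI_PAYLOAD_START{token}TSUNAMI_PAYLOAD_END"
        if echoed
        else "TSUNAMI_PAYLOAD_STARTTSUNAMI_PAYLOAD_END"
    )
    return f"<html><body>\n<p>upload ok</p>\n{payload_echo}\n</body></html>\n"


if __name__ == "__main__":
    token = new_token()
    print("current token echoed  :", is_reflected(build_sample_response(token), token))
    print("markers but no token  :", is_reflected(build_sample_response(token, echoed=False), token))
    print("someone else's token  :", is_reflected(build_sample_response(new_token()), token))
    print("template not expanded :", unsubstituted_template_matches(build_sample_response(token)))
```

The per-scan token is what turns a generic "the markers appeared" check into evidence that this request's payload executed; reusing a fixed token across scans, or skipping the substitution, collapses the check into either a false positive on any cached page or a pattern that never matches.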