nuclei-templates
Nuclei doesn't find CVE-2020-7247 (OOB vulnerability)
Nuclei Version:
3.1.10
Template file:
network/cves/2020/CVE-2020-7247.yaml
Command to reproduce:
nuclei -t CVE-2020-7247.yaml -u 70.34.253.177:8825
The target is deliberately vulnerable, so the vulnerability should be found by nuclei.
By debugging we observed that the command gets executed on the victim machine, the interactsh server receives the request from the victim, and the attacker machine communicates with the interactsh server too. The problem might be in the way that nuclei checks for the interaction.
Thanks for the details on this @pentesttools-com and for including a host! Looks to me like the host isn't live, but we'll take a look.
It's up for me it seems. I don't know what caused the downtime.
If we can help you further with any logs or details feel free to ask!
Hi @pentesttools-com, The response time to this issue was much longer than usual. Thank you for taking the time to create this issue and for contributing to this project 🍻
We are working on a JavaScript template for this, but it looks like there is an issue. We will update the template shortly.
@pentesttools-com It seems that the deliberately vulnerable system is not vulnerable, or the target does not have nslookup installed in the environment. Even the Python exploit does not appear to be working: http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
Can you try running the Python script with 'touch /tmp/1' and validate it locally?
Hi, @princechaddha! No worries.
Yes, the system doesn't have nslookup installed.
You can try modifying the template to use wget.
I've validated that the exploit works with touch and even with wget: the command executes and leaves artefacts on the system (log files, and the response from interactsh).
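The issue body describes the out-of-band (OOB) flow (command runs on the target, the target calls the interactsh server, nuclei polls that server), and the later comments narrow the failure to the payload assuming nslookup is present. The following is an added example, not code from nuclei, the template, or anyone in this thread. It shows the two pieces such a check needs: a callback payload that falls through several tools instead of relying on nslookup alone, and a matcher that decides from interaction records whether the callback arrived. The record layout (keys `protocol`, `full-id`, `remote-address`) and the sample records are assumptions modelled on interactsh output, constructed here for illustration.

```python
"""Added example, not part of nuclei or this issue thread.

An out-of-band (OOB) check in two parts: a callback payload that does not assume
nslookup exists on the target, and a matcher that decides from interaction
records whether the callback arrived. The record layout (keys "protocol",
"full-id", "remote-address") is an assumption modelled on interactsh output.
"""
import shlex

# (tool name, command template) tried in order; the first one that is installed
# and succeeds reaches the callback host, the rest are skipped.
OOB_TOOLS = (
    ("nslookup", "nslookup {host}"),
    ("dig", "dig +short {host}"),
    ("host", "host {host}"),
    ("curl", "curl -s -m 5 http://{host}/"),
    ("wget", "wget -q -T 5 -O /dev/null http://{host}/"),
)


def build_oob_payload(callback_host: str) -> str:
    """Return one shell command line that tries each tool in OOB_TOOLS.

    `||` moves on to the next alternative when a tool is missing (exit 127) or
    fails, so a target without nslookup still contacts the callback host, via
    HTTP in the worst case. shlex.quote leaves plain hostnames unchanged and
    neutralises anything unexpected in the value."""
    host = shlex.quote(callback_host)
    return " || ".join(tmpl.format(host=host) for _, tmpl in OOB_TOOLS)


def first_label(fqdn: str) -> str:
    """Left-most DNS label of a name, lower-cased ('ABC.oast.fun.' -> 'abc')."""
    return fqdn.strip().rstrip(".").split(".")[0].lower()


def matching_interactions(records, correlation_id: str):
    """Return the records whose callback name belongs to `correlation_id`.

    A hit requires the first label of full-id to start with the correlation id.
    A substring search over the whole record would also match unrelated noise
    that merely mentions the id somewhere."""
    cid = correlation_id.lower()
    return [r for r in records
            if first_label(str(r.get("full-id", ""))).startswith(cid)]


def oob_verdict(records, correlation_id: str, allowed_protocols=None):
    """Summarise the check as (hit, protocols_seen).

    allowed_protocols=None accepts any protocol. Restricting it to {"dns"}
    reproduces the failure mode where a curl/wget fallback does reach the
    server but a DNS-only matcher still reports nothing."""
    hits = matching_interactions(records, correlation_id)
    seen = sorted({str(r.get("protocol", "")).lower() for r in hits})
    if allowed_protocols is not None:
        seen = [p for p in seen if p in allowed_protocols]
    return (bool(seen), seen)


# Constructed sample data: one unrelated DNS lookup (noise) and one HTTP hit
# produced by the wget fallback of our payload.
SAMPLE_RECORDS = [
    {"protocol": "dns", "full-id": "zzzzotherzzzzz.oast.example",
     "remote-address": "198.51.100.9"},
    {"protocol": "http", "full-id": "c8bpc0c2vtc0000abcd.oast.example",
     "remote-address": "203.0.113.7"},
]
CORRELATION_ID = "c8bpc0c2vtc0000"

if __name__ == "__main__":
    print(build_oob_payload(f"{CORRELATION_ID}abcd.oast.example"))
    print(oob_verdict(SAMPLE_RECORDS, CORRELATION_ID))
    print(oob_verdict(SAMPLE_RECORDS, CORRELATION_ID, allowed_protocols={"dns"}))
```

Two practical points the example makes visible: a fallback chain means the interaction may arrive over HTTP rather than DNS, so a matcher that only accepts DNS interactions will miss a successful callback; and matching on the correlation id as a prefix of the first label, rather than as a substring anywhere in the record, keeps unrelated traffic to the same OOB server from producing false positives.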
@pentesttools-com why do you use -sS?
github QTranspose/CVE-2020-7247-exploit
@pentesttools-com It is fixed in this PR. I have rewritten this template in the JavaScript protocol.