Replies: 1 comment 1 reply
-
|
Hi @alexvelickiy I can see in the case of nuclei template - CVE-2022-22965 it make use of different payload to initiate DNS interaction instead of file write like in the case of Metasploit module which requires or depends on |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Hi @ehsandeep My bad. Didn't notice different payload. Indeed, no path parameter is necessary in this case. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Template Information:
The Metasploit module for CVE-2022-22965 allows users to rewrite default value (webapps/ROOT) of
class.module.classLoader.resources.context.parent.pipeline.first.directoryparameter (PAYLOAD_PATH Metasploit option).https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/multi/http/spring_framework_rce_spring4shell.md
I don't know it there are cases when default value doesn't work. But if any, should the '--app-path' parameter be added to the template?
Nuclei Template:
Beta Was this translation helpful? Give feedback.
All reactions