RCE Bypass · Issue #4112 · coreruleset/coreruleset · GitHub
RCE Bypass #4112
Open
@Xhoenix

Description

Payload:

\id
\``command`

How to reproduce the misbehavior (-> curl call)

curl -H "x-format-output: txt-matched-rules" "https://sandbox.coreruleset.org/?test=%5Cid" -H "x-crs-version: nightly" -H "x-crs-paranoia-level: 4"

curl -H "x-format-output: txt-matched-rules" "https://sandbox.coreruleset.org/?test=%5C%60%60command%60" -H "x-crs-version: nightly"
