nuclei-templates/cves/2017/CVE-2017-17562.yaml

id: CVE-2017-17562

info:
  name: Embedthis GoAhead <3.6.5 - Remote Code Execution
  author: geeknik
  severity: high
  description: |
    description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
  reference:
    - https://www.elttam.com/blog/goahead/
    - https://github.com/ivanitlearning/CVE-2017-17562
    - https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
    - https://github.com/embedthis/goahead/issues/249
    - https://nvd.nist.gov/vuln/detail/CVE-2017-17562
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2017-17562
    cwe-id: CWE-20
  tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub

requests:
  - raw:
      - |
        GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    payloads:
      endpoint:
        - admin
        - apply
        - non-CA-rev
        - cgitest
        - checkCookie
        - check_user
        - chn/liveView
        - cht/liveView
        - cnswebserver
        - config
        - configure/set_link_neg
        - configure/swports_adjust
        - eng/liveView
        - firmware
        - getCheckCode
        - get_status
        - getmac
        - getparam
        - guest/Login
        - home
        - htmlmgr
        - index
        - index/login
        - jscript
        - kvm
        - liveView
        - login
        - login.asp
        - login/login
        - login/login-page
        - login_mgr
        - luci
        - main
        - main-cgi
        - manage/login
        - menu
        - mlogin
        - netbinary
        - nobody/Captcha
        - nobody/VerifyCode
        - normal_userLogin
        - otgw
        - page
        - rulectl
        - service
        - set_new_config
        - sl_webviewer
        - ssi
        - status
        - sysconf
        - systemutil
        - t/out
        - top
        - unauth
        - upload
        - variable
        - wanstatu
        - webcm
        - webmain
        - webproc
        - webscr
        - webviewLogin
        - webviewLogin_m64
        - webviewer
        - welcome

    stop-at-first-match: true
    matchers-condition: and
    matchers:

      - type: word
        words:
          - "environment variable"
          - "display library search paths"
        condition: and

      - type: status
        status:
          - 200
# Enhanced by mp on 2022/06/19
Create CVE-2017-17562.yaml WIP 2021-03-27 21:22:33 +00:00			`id: CVE-2017-17562`

			`info:`
Enhancement: cves/2017/CVE-2017-17562.yaml by mp 2022-06-19 15:17:21 +00:00			`name: Embedthis GoAhead <3.6.5 - Remote Code Execution`
Create CVE-2017-17562.yaml WIP 2021-03-27 21:22:33 +00:00			`author: geeknik`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`severity: high`
Update CVE-2017-17562.yaml 2022-06-20 16:08:41 +00:00			`description: \|`
			`description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Create CVE-2017-17562.yaml WIP 2021-03-27 21:22:33 +00:00			`- https://www.elttam.com/blog/goahead/`
			`- https://github.com/ivanitlearning/CVE-2017-17562`
minor changes 2021-04-01 07:58:30 +00:00			`- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://github.com/embedthis/goahead/issues/249`
Enhancement: cves/2017/CVE-2017-17562.yaml by mp 2022-06-19 15:17:21 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2017-17562`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 8.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2017-17562`
			`cwe-id: CWE-20`
Auto Generated CVE annotations [Sat Aug 27 04:41:18 UTC 2022] :robot: 2022-08-27 04:41:18 +00:00			`tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub`
Create CVE-2017-17562.yaml WIP 2021-03-27 21:22:33 +00:00
			`requests:`
Payloads positional update to keep the request format uniform 2021-08-22 18:09:33 +00:00			`- raw:`
			`- \|`
removed extra headers not required for template 2021-09-08 12:17:19 +00:00			`GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1`
Payloads positional update to keep the request format uniform 2021-08-22 18:09:33 +00:00			`Host: {{Hostname}}`
			`Accept: /`

			`payloads:`
Create CVE-2017-17562.yaml WIP 2021-03-27 21:22:33 +00:00			`endpoint:`
			`- admin`
			`- apply`
			`- non-CA-rev`
			`- cgitest`
			`- checkCookie`
			`- check_user`
			`- chn/liveView`
			`- cht/liveView`
			`- cnswebserver`
			`- config`
			`- configure/set_link_neg`
			`- configure/swports_adjust`
			`- eng/liveView`
			`- firmware`
			`- getCheckCode`
			`- get_status`
			`- getmac`
			`- getparam`
			`- guest/Login`
			`- home`
			`- htmlmgr`
			`- index`
			`- index/login`
			`- jscript`
			`- kvm`
			`- liveView`
			`- login`
			`- login.asp`
			`- login/login`
			`- login/login-page`
			`- login_mgr`
			`- luci`
			`- main`
			`- main-cgi`
			`- manage/login`
			`- menu`
			`- mlogin`
			`- netbinary`
			`- nobody/Captcha`
			`- nobody/VerifyCode`
			`- normal_userLogin`
			`- otgw`
			`- page`
			`- rulectl`
			`- service`
			`- set_new_config`
			`- sl_webviewer`
			`- ssi`
			`- status`
			`- sysconf`
			`- systemutil`
			`- t/out`
			`- top`
			`- unauth`
			`- upload`
			`- variable`
			`- wanstatu`
			`- webcm`
			`- webmain`
			`- webproc`
			`- webscr`
			`- webviewLogin`
			`- webviewLogin_m64`
			`- webviewer`
			`- welcome`

Added stop-at-first-match in applicable templates 2021-09-02 11:59:10 +00:00			`stop-at-first-match: true`
Create CVE-2017-17562.yaml WIP 2021-03-27 21:22:33 +00:00			`matchers-condition: and`
			`matchers:`
more updates 2021-10-10 01:13:30 +00:00
Create CVE-2017-17562.yaml WIP 2021-03-27 21:22:33 +00:00			`- type: word`
			`words:`
Update CVE-2017-17562.yaml 2021-03-29 20:04:26 +00:00			`- "environment variable"`
Enhancement: cves/2017/CVE-2017-17562.yaml by mp 2022-06-19 15:17:21 +00:00			`- "display library search paths"`
Update CVE-2017-17562.yaml 2022-06-20 16:08:41 +00:00			`condition: and`
Enhancement: cves/2017/CVE-2017-17562.yaml by mp 2022-06-19 15:17:21 +00:00
Update CVE-2017-17562.yaml 2022-06-20 16:08:41 +00:00			`- type: status`
			`status:`
			`- 200`
Enhancement: cves/2017/CVE-2017-17562.yaml by mp 2022-06-19 15:17:21 +00:00			`# Enhanced by mp on 2022/06/19`