nuclei-templates/cves/2017/CVE-2017-17562.yaml

111 lines
2.4 KiB
YAML
Raw Normal View History

2021-03-27 21:22:33 +00:00
id: CVE-2017-17562
info:
name: Embedthis GoAhead <3.6.5 - Remote Code Execution
2021-03-27 21:22:33 +00:00
author: geeknik
severity: high
description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
reference:
2021-03-27 21:22:33 +00:00
- https://www.elttam.com/blog/goahead/
- https://github.com/ivanitlearning/CVE-2017-17562
2021-04-01 07:58:30 +00:00
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
- https://github.com/embedthis/goahead/issues/249
- https://nvd.nist.gov/vuln/detail/CVE-2017-17562
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2017-17562
cwe-id: CWE-20
tags: cve,cve2017,rce,goahead,fuzz,cisa
2021-03-27 21:22:33 +00:00
requests:
- raw:
- |
GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1
Host: {{Hostname}}
Accept: */*
payloads:
2021-03-27 21:22:33 +00:00
endpoint:
- admin
- apply
- non-CA-rev
- cgitest
- checkCookie
- check_user
- chn/liveView
- cht/liveView
- cnswebserver
- config
- configure/set_link_neg
- configure/swports_adjust
- eng/liveView
- firmware
- getCheckCode
- get_status
- getmac
- getparam
- guest/Login
- home
- htmlmgr
- index
- index/login
- jscript
- kvm
- liveView
- login
- login.asp
- login/login
- login/login-page
- login_mgr
- luci
- main
- main-cgi
- manage/login
- menu
- mlogin
- netbinary
- nobody/Captcha
- nobody/VerifyCode
- normal_userLogin
- otgw
- page
- rulectl
- service
- set_new_config
- sl_webviewer
- ssi
- status
- sysconf
- systemutil
- t/out
- top
- unauth
- upload
- variable
- wanstatu
- webcm
- webmain
- webproc
- webscr
- webviewLogin
- webviewLogin_m64
- webviewer
- welcome
stop-at-first-match: true
2021-03-27 21:22:33 +00:00
matchers-condition: and
matchers:
2021-10-10 01:13:30 +00:00
2021-03-27 21:22:33 +00:00
- type: status
status:
- 200
2021-10-10 01:13:30 +00:00
2021-03-27 21:22:33 +00:00
- type: word
2021-10-10 01:13:30 +00:00
condition: and
2021-03-27 21:22:33 +00:00
words:
2021-03-29 20:04:26 +00:00
- "environment variable"
- "display library search paths"
# Enhanced by mp on 2022/06/19