Merge pull request #2503 from LogicalHunter/temp-5

Added CVE-2019-17503.yaml Template
2021-08-31 12:08:19 +05:30 · 2021-08-31 12:08:19 +05:30 · 182511566d
parent 276c72a515 b27bdcab41
commit 182511566d
1 changed files with 30 additions and 0 deletions
--- a/cves/2019/CVE-2019-17503.yaml
+++ b/cves/2019/CVE-2019-17503.yaml
@ -0,0 +1,30 @@
+id: CVE-2019-17503
+
+info:
+  name: Kirona Dynamic Resource Scheduling - information disclosure
+  author: LogicalHunter
+  severity: medium
+  description: An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly _ it contains sensitive information about the database through the SQL queries within this batch file
+  reference:
+    - https://www.exploit-db.com/exploits/47498
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-17503
+  tags: cve,cve2019,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/osm/REGISTER.cmd"
+      - "{{BaseURL}}/osm_tiles/REGISTER.cmd"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - "DEBUGMAPSCRIPT=TRUE"
+          - "@echo off"
+        condition: and