From e974732b389d121bcd7c67365c3a574390bf17fa Mon Sep 17 00:00:00 2001
From: LogicalHunter <vicforbounty@gmail.com>
Date: Sat, 28 Aug 2021 02:51:21 -0700
Subject: [PATCH 1/3] Added CVE-2019-17503.yaml Template

---
 cves/2019/CVE-2019-17503.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 cves/2019/CVE-2019-17503.yaml

diff --git a/cves/2019/CVE-2019-17503.yaml b/cves/2019/CVE-2019-17503.yaml
new file mode 100644
index 0000000000..c389965dd5
--- /dev/null
+++ b/cves/2019/CVE-2019-17503.yaml
@@ -0,0 +1,29 @@
+id: CVE-2019-17503
+
+info:
+  name: Kirona Dynamic Resource Scheduling - information disclosure
+  author: LogicalHunter
+  severity: medium
+  description: An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly _ it contains sensitive information about the database through the SQL queries within this batch file
+  reference:
+    - https://www.exploit-db.com/exploits/47498
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-17503
+  tags: cve2019,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/osm/REGISTER.cmd"
+      - "{{BaseURL}}/osm_tiles/REGISTER.cmd"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        part: body
+        words:
+          - "DEBUGMAPSCRIPT=TRUE"
+          - "sql"
+        condition: or

From 30d762883b72110023318851dd7380bc5c9ade86 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Sun, 29 Aug 2021 17:57:29 +0530
Subject: [PATCH 2/3] Update CVE-2019-17503.yaml

---
 cves/2019/CVE-2019-17503.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cves/2019/CVE-2019-17503.yaml b/cves/2019/CVE-2019-17503.yaml
index c389965dd5..836d2793d8 100644
--- a/cves/2019/CVE-2019-17503.yaml
+++ b/cves/2019/CVE-2019-17503.yaml
@@ -8,7 +8,7 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/47498
     - https://nvd.nist.gov/vuln/detail/CVE-2019-17503
-  tags: cve2019,exposure
+  tags: cve,cve2019,exposure
 
 requests:
   - method: GET

From b27bdcab41eadd2dd2a1bdd7bb37529eb5c4f805 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Tue, 31 Aug 2021 12:00:11 +0530
Subject: [PATCH 3/3] Update CVE-2019-17503.yaml

---
 cves/2019/CVE-2019-17503.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cves/2019/CVE-2019-17503.yaml b/cves/2019/CVE-2019-17503.yaml
index 836d2793d8..beca789136 100644
--- a/cves/2019/CVE-2019-17503.yaml
+++ b/cves/2019/CVE-2019-17503.yaml
@@ -21,9 +21,10 @@ requests:
       - type: status
         status:
           - 200
+
       - type: word
         part: body
         words:
           - "DEBUGMAPSCRIPT=TRUE"
-          - "sql"
-        condition: or
+          - "@echo off"
+        condition: and