daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

misc update

patch-1
sandeep 2021-11-06 16:51:03 +05:30
parent c1e8682918
commit 1d4ff44b88
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cves/2021/CVE-2021-31602.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2021-31602 id: CVE-2021-31602
info: info:
name: Pentaho <= 9.1 Authentication Bypass of Spring APIs name: Pentaho <= 9.1 Authentication Bypass of Spring APIs
author: pussycat0x author: pussycat0x
severity: medium severity: medium
metadata:
shodan-dork: 'Pentaho'
reference: reference:
- https://seclists.org/fulldisclosure/2021/Nov/13 - https://seclists.org/fulldisclosure/2021/Nov/13
- https://portswigger.net/daily-swig/remote-code-execution-sql-injection-bugs-uncovered-in-pentaho-business-analytics-software - https://portswigger.net/daily-swig/remote-code-execution-sql-injection-bugs-uncovered-in-pentaho-business-analytics-software
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31602 - https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
tags: pentaho,spring,auth-bypass,cve,cve2021 metadata:
shodan-query: 'Pentaho'
tags: cve,cve2021,pentaho,auth-bypass
requests: requests:
- method: GET - method: GET
@ -20,11 +21,12 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body
words: words:
- '<roleList>' - '<roleList>'
- '<roles>Anonymous</roles>' - '<roles>Anonymous</roles>'
condition: and condition: and
part: body
- type: status - type: status
status: status:
- 200 - 200