Merge pull request #3931 from gy741/rule-add-v102

Create tekon-info-leak.yaml
2022-03-22 15:51:37 +05:30 · 2022-03-22 15:51:37 +05:30 · 1db552fdc8
parent 9d42570d7a c513d88d0d
commit 1db552fdc8
2 changed files with 35 additions and 5 deletions
--- a/.new-additions
+++ b/.new-additions
@ -1,5 +0,0 @@
-cnvd/2021/CNVD-2021-14536.yaml
-cves/2020/CVE-2020-17456.yaml
-cves/2020/CVE-2020-27467.yaml
-cves/2022/CVE-2022-0437.yaml
-vulnerabilities/huawei/huawei-hg255s-lfi.yaml
--- a/vulnerabilities/other/tekon-info-leak.yaml
+++ b/vulnerabilities/other/tekon-info-leak.yaml
@ -0,0 +1,35 @@
+id: tekon-info-leak
+
+info:
+  name: Tekon - Unauthenticated Log Leak
+  author: gy741
+  severity: low
+  description: A vulnerability in Tekon allows remote unauthenticated users to disclose the Log of the remote device
+  reference: https://medium.com/@bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-script-upload-scada-controllers-located-in-russia-57044425ac38
+  metadata:
+    shodan-query: title:"контроллер"
+  tags: tekon,exposure,unauth
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/cgi-bin/log.cgi'
+
+    max-size: 2048
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "-- Logs begin at"
+          - "end at"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/plain"
+
+      - type: status
+        status:
+          - 200