re-wrote-template

2023-05-18 20:59:40 +05:30 · 2023-05-18 20:59:40 +05:30 · 4939442773
parent 7b035ab1eb
commit 4939442773
1 changed files with 45 additions and 19 deletions
--- a/http/cves/2022/CVE-2022-22733.yaml
+++ b/http/cves/2022/CVE-2022-22733.yaml
@ -1,29 +1,55 @@
 id: CVE-2022-22733

 info:
-  name: CVE-2022-22733 Apache ShardingSphere ElasticJob-UI privilege escalation
+  name: Apache ShardingSphere ElasticJob-UI privilege escalation
  author: Zeyad Azima
  severity: medium
-  description: CVE-2022-22733 is an Apache ShardingSphere ElasticJob-UI privilege escalation vulnerability and you could achieve Remote Code Execution checkout the Reference URL for full analysis of the vulnerability.
-  reference: https://www.vicarius.io/vsociety/blog/cve-2022-22733-apache-shardingsphere-elasticjob-ui-privilege-escalation
+  description: |
+    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.
+  reference:
+    - https://www.vicarius.io/vsociety/blog/cve-2022-22733-apache-shardingsphere-elasticjob-ui-privilege-escalation
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-22733
+    - https://lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7ord2nm6
+    - http://www.openwall.com/lists/oss-security/2022/01/20/2
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 6.5
+    cve-id: CVE-2022-22733
+    cwe-id: CWE-200
+  metadata:
+    max-request: 1
+    shodan-query: http.favicon.hash:816588900
+    verified: "true"
+  tags: cve,cve2023,exposure,sharingsphere,apache

-requests:
-  - method: POST
-    path:
-      - "{{BaseURL}}:8088/api/login"
-    headers:
-      User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"
-      Accept: "application/json, text/plain, */*"
-      Accept-Language: "en-US,en;q=0.5"
-      Accept-Encoding: "gzip, deflate"
-      Content-Type: "application/json;charset=utf-8"
-      Access-Token: ""
-      Origin: "{{BaseURL}}:8088"
-      DNT: "1"
-      Connection: "close"
-      Referer: "{{BaseURL}}:8088"
-    body: '{"username":"guest","password":"guest"}'
+http:
+  - raw:
+      - |
+         POST /api/login HTTP/1.1
+         Host: {{Hostname}}
+         Accept: application/json, text/plain, */*
+         Access-Token: 
+         Content-Type: application/json;charset=UTF-8
+         Origin: {{RootURL}}
+         Referer: {{RootURL}}
+
+         {"username":"guest","password":"guest"}
+
+    matchers-condition: and
    matchers:
      - type: word
+        part: body
        words:
+          - '"success":true'
+          - '"isGuest":true'
          - '"accessToken":'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - application/json
+
+      - type: status
+        status:
+          - 200