🔥 Add CVE-2020-10148

cves/CVE-2020-10148.yaml

@@ -0,0 +1,30 @@
+id: cve-2020-10148
+
+info:
+  name: SolarWinds Orion API Auth Bypass Leads to RCE (SUPERNOVA)
+  author: dwisiswant0
+  severity: high
+  description: |
+    This template could allow to bypass authentication and execute API
+    commands which may result in a compromise of the SolarWinds instance.
+
+  # References:
+  # - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
+  # - https://kb.cert.org/vuls/id/843464
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/web.config.i18n.ashx"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "orionProxy"
+          - "sw.web.compression"
+          - "SolarWinds.Orion.Core."
+        condition: or
+        part: body
+      - type: status
+        status:
+          - 200