Merge pull request #8383 from 0xPugazh/main

Update phpmyadmin-setup.yaml and CVE-2022-21500.yaml
2023-10-13 15:12:24 +05:30 · 2023-10-13 15:12:24 +05:30 · 67edfa63c5
parent d4b760040a 7d17293977
commit 67edfa63c5
2 changed files with 9 additions and 4 deletions
--- a/http/cves/2022/CVE-2022-21500.yaml
+++ b/http/cves/2022/CVE-2022-21500.yaml
@ -2,7 +2,7 @@ id: CVE-2022-21500

 info:
  name: Oracle E-Business Suite <=12.2 - Authentication Bypass
-  author: 3th1c_yuk1,tess
+  author: 3th1c_yuk1,tess,0xpugazh
  severity: high
  description: |
    Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.
@ -23,7 +23,7 @@ info:
    cpe: cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*
  metadata:
    verified: true
-    max-request: 1
+    max-request: 5
    vendor: oracle
    product: e-business_suite
    shodan-query: http.title:"Login" "X-ORACLE-DMS-ECID" 200
@ -33,7 +33,11 @@ http:
  - method: GET
    path:
      - '{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp'
+      - '{{BaseURL}}/OA_HTML/ibeCRgpPrimaryCreate.jsp'
+      - '{{BaseURL}}/OA_HTML/ibeCRgpIndividualUser.jsp'
+      - '{{BaseURL}}/OA_HTML/ibeCRgpPartnerPriCreate.jsp'

+    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
--- a/http/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml
+++ b/http/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml
@ -2,7 +2,7 @@ id: phpmyadmin-setup

 info:
  name: PhpMyAdmin Setup File - Detect
-  author: sheikhrishad,thevillagehacker,Kr1shna4garwal,ArjunChandarana
+  author: sheikhrishad,thevillagehacker,Kr1shna4garwal,ArjunChandarana,0xpugazh
  severity: medium
  description: Multiple phpMyAdmin setup files were detected.
  classification:
@ -10,7 +10,7 @@ info:
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
-    max-request: 15
+    max-request: 16
    verified: true
    shodan-query: http.html:"phpMyAdmin"
  tags: phpmyadmin,misconfig
@ -33,6 +33,7 @@ http:
      - "{{BaseURL}}/phpmyadmin/setup/"
      - "{{BaseURL}}/setup/index.php"
      - "{{BaseURL}}/admin/"
+      - "{{BaseURL}/phpMyAdminOLD/setup/index.php"

    stop-at-first-match: true
    matchers-condition: and