From abad438c3b8b35e0046769d01346702fb46132e2 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Sat, 10 Apr 2021 03:40:04 +0530
Subject: [PATCH] Create CVE-2018-8770.yaml

---
 cves/2018/CVE-2018-8770.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 cves/2018/CVE-2018-8770.yaml

diff --git a/cves/2018/CVE-2018-8770.yaml b/cves/2018/CVE-2018-8770.yaml
new file mode 100644
index 0000000000..a60457e799
--- /dev/null
+++ b/cves/2018/CVE-2018-8770.yaml
@@ -0,0 +1,27 @@
+id: CVE-2018-8770
+info:
+  name: Cobub Razor 0.8.0 Physical path Leakage Vulnerability
+  author: princechaddha
+  severity: medium
+  description: Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.
+  reference: |
+    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770
+    - https://www.exploit-db.com/exploits/44495/
+  tags: cobub,razor,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/tests/generate.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Fatal error: Class 'PHPUnit_Framework_TestCase' not found in "
+          - "/application/third_party/CIUnit/libraries/CIUnitTestCase.php on line"
+        condition: and
+        part: header
+      - type: status
+        status:
+          - 200